Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request.

commit: 66f3cc6f8de83c447d937160e4a1630c4482b5f5 [log] [tgz]
author: Charles-François Natali <neologix@free.fr> Sat Feb 18 14:15:38 2012 +0100
committer: Charles-François Natali <neologix@free.fr> Sat Feb 18 14:15:38 2012 +0100
tree: dbe098ca2acbcbdcdd4fd7dc2c7394dbf46c6037
parent: d358e0554bc520768041652676ec8e6076f221a9 [diff]
diff --git a/Lib/SimpleXMLRPCServer.py b/Lib/SimpleXMLRPCServer.py
index 6af2f2f..23ad5bd 100644
--- a/Lib/SimpleXMLRPCServer.py
+++ b/Lib/SimpleXMLRPCServer.py

@@ -459,7 +459,10 @@
             L = []
             while size_remaining:
                 chunk_size = min(size_remaining, max_chunk_size)
-                L.append(self.rfile.read(chunk_size))
+                chunk = self.rfile.read(chunk_size)
+                if not chunk:
+                    break
+                L.append(chunk)
                 size_remaining -= len(L[-1])
             data = ''.join(L)
 

diff --git a/Misc/NEWS b/Misc/NEWS
index 92e8197..20d39b6 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -13,6 +13,9 @@
 Library
 -------
 
+- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+  SimpleXMLRPCServer upon malformed POST request.
+
 - Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
   IV attack countermeasure.
commit	66f3cc6f8de83c447d937160e4a1630c4482b5f5	[log] [tgz]
author	Charles-François Natali <neologix@free.fr>	Sat Feb 18 14:15:38 2012 +0100
committer	Charles-François Natali <neologix@free.fr>	Sat Feb 18 14:15:38 2012 +0100
tree	dbe098ca2acbcbdcdd4fd7dc2c7394dbf46c6037
parent	d358e0554bc520768041652676ec8e6076f221a9 [diff]