Issue #16037: Limit httplib's _read_status() function to work around broken
HTTP servers and reduce memory usage. It's actually a backport of a Python
3.2 fix. Thanks to Adrien Kunysz.
diff --git a/Lib/httplib.py b/Lib/httplib.py
index 98296dc..4c8b0fe 100644
--- a/Lib/httplib.py
+++ b/Lib/httplib.py
@@ -362,7 +362,9 @@
def _read_status(self):
# Initialize with Simple-Response defaults
- line = self.fp.readline()
+ line = self.fp.readline(_MAXLINE + 1)
+ if len(line) > _MAXLINE:
+ raise LineTooLong("header line")
if self.debuglevel > 0:
print "reply:", repr(line)
if not line:
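Review bot: the message in the added raise LineTooLong("header line") is misleading, because _read_status() reads the status line and not a header; "status line" would make the failure easier to identify from a traceback. The bound itself is sound: reading at most _MAXLINE + 1 bytes and rejecting anything longer than _MAXLINE caps what a server can make the client buffer at this point. No test accompanies the change in this patch; a case that feeds an over-long status line and expects LineTooLong would pin the behaviour.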
diff --git a/Misc/NEWS b/Misc/NEWS
index 2693072..fdd84fe 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -9,6 +9,10 @@
Core and Builtins
-----------------
+- Issue #16037: Limit httplib's _read_status() function to work around broken
+ HTTP servers and reduce memory usage. It's actually a backport of a Python
+ 3.2 fix. Thanks to Adrien Kunysz.
+
- Issue #13992: The trashcan mechanism is now thread-safe. This eliminates
sporadic crashes in multi-thread programs when several long deallocator
chains ran concurrently and involved subclasses of built-in container
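Review bot: the new NEWS entry is placed under the "Core and Builtins" heading, but the change is to Lib/httplib.py, so it belongs in the Library section. The entry could also state what callers will now observe, namely that an over-long status line raises LineTooLong instead of being read in full.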