Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
index e97420b..3814191 100644
--- a/Lib/test/test_xmlrpc.py
+++ b/Lib/test/test_xmlrpc.py
@@ -474,12 +474,7 @@
def tearDown(self):
# wait on the server thread to terminate
- self.evt.wait(4.0)
- # XXX this code does not work, and in fact stop_serving doesn't exist.
- if not self.evt.is_set():
- self.evt.set()
- stop_serving()
- raise RuntimeError("timeout reached, test has failed")
+ self.evt.wait()
# disable traceback reporting
xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
@@ -626,6 +621,13 @@
server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
self.assertEqual(server.add("a", "\xe9"), "a\xe9")
+ def test_partial_post(self):
+ # Check that a partial POST doesn't make the server loop: issue #14001.
+ conn = http.client.HTTPConnection(ADDR, PORT)
+ conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
+ conn.close()
+
+
class MultiPathServerTestCase(BaseServerTestCase):
threadFunc = staticmethod(http_multi_server)
request_count = 2
diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
index 72f3bfc..d7ed3f3 100644
--- a/Lib/xmlrpc/server.py
+++ b/Lib/xmlrpc/server.py
@@ -474,7 +474,10 @@
L = []
while size_remaining:
chunk_size = min(size_remaining, max_chunk_size)
- L.append(self.rfile.read(chunk_size))
+ chunk = self.rfile.read(chunk_size)
+ if not chunk:
+ break
+ L.append(chunk)
size_remaining -= len(L[-1])
data = b''.join(L)