Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
index e97420b..3814191 100644
--- a/Lib/test/test_xmlrpc.py
+++ b/Lib/test/test_xmlrpc.py
@@ -474,12 +474,7 @@
def tearDown(self):
# wait on the server thread to terminate
- self.evt.wait(4.0)
- # XXX this code does not work, and in fact stop_serving doesn't exist.
- if not self.evt.is_set():
- self.evt.set()
- stop_serving()
- raise RuntimeError("timeout reached, test has failed")
+ self.evt.wait()
# disable traceback reporting
xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
@@ -626,6 +621,13 @@
server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
self.assertEqual(server.add("a", "\xe9"), "a\xe9")
+ def test_partial_post(self):
+ # Check that a partial POST doesn't make the server loop: issue #14001.
+ conn = http.client.HTTPConnection(ADDR, PORT)
+ conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
+ conn.close()
+
+
class MultiPathServerTestCase(BaseServerTestCase):
threadFunc = staticmethod(http_multi_server)
request_count = 2