Merged revisions 87317 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87317 | antoine.pitrou | 2010-12-16 17:48:36 +0100 (jeu., 16 déc. 2010) | 4 lines Issue #10714: Limit length of incoming request in http.server to 65536 bytes for security reasons. Initial patch by Ross Lagerwall. ........ (also backport some tests)

commit: 3022ce1a14b364a1d1d69405646aae892d827666 [log] [tgz]
author: Antoine Pitrou <solipsis@pitrou.net> Thu Dec 16 17:03:16 2010 +0000
committer: Antoine Pitrou <solipsis@pitrou.net> Thu Dec 16 17:03:16 2010 +0000
tree: fd1d9c88c256dbb29762cc1e021da711e0a6c291
parent: 0da0c48e2362d9ec7f5ef0ea4302728c1c7d56d8 [diff] [blame]
diff --git a/Lib/http/server.py b/Lib/http/server.py
index c5b00d6..5ac6c0d 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py

@@ -333,7 +333,13 @@
         commands such as GET and POST.
 
         """
-        self.raw_requestline = self.rfile.readline()
+        self.raw_requestline = self.rfile.readline(65537)
+        if len(self.raw_requestline) > 65536:
+            self.requestline = ''
+            self.request_version = ''
+            self.command = ''
+            self.send_error(414)
+            return
         if not self.raw_requestline:
             self.close_connection = 1
             return
commit	3022ce1a14b364a1d1d69405646aae892d827666	[log] [tgz]
author	Antoine Pitrou <solipsis@pitrou.net>	Thu Dec 16 17:03:16 2010 +0000
committer	Antoine Pitrou <solipsis@pitrou.net>	Thu Dec 16 17:03:16 2010 +0000
tree	fd1d9c88c256dbb29762cc1e021da711e0a6c291
parent	0da0c48e2362d9ec7f5ef0ea4302728c1c7d56d8 [diff] [blame]