Merged revisions 87317 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87317 | antoine.pitrou | 2010-12-16 17:48:36 +0100 (jeu., 16 déc. 2010) | 4 lines Issue #10714: Limit length of incoming request in http.server to 65536 bytes for security reasons. Initial patch by Ross Lagerwall. ........ (also backported some tests)

commit: 47d9b0e08aeea13ceb7ef7b41e1664f4c81a0958 [log] [tgz]
author: Antoine Pitrou <solipsis@pitrou.net> Thu Dec 16 17:11:34 2010 +0000
committer: Antoine Pitrou <solipsis@pitrou.net> Thu Dec 16 17:11:34 2010 +0000
tree: d379f344ae0262c6161541e62069f646bae7fb95
parent: fd1cf6f8322eb34063ecad81422d0df032a8bcfc [diff] [blame]
diff --git a/Lib/BaseHTTPServer.py b/Lib/BaseHTTPServer.py
index c97c762..da04315 100644
--- a/Lib/BaseHTTPServer.py
+++ b/Lib/BaseHTTPServer.py

@@ -310,7 +310,13 @@
 
         """
         try:
-            self.raw_requestline = self.rfile.readline()
+            self.raw_requestline = self.rfile.readline(65537)
+            if len(self.raw_requestline) > 65536:
+                self.requestline = ''
+                self.request_version = ''
+                self.command = ''
+                self.send_error(414)
+                return
             if not self.raw_requestline:
                 self.close_connection = 1
                 return
commit	47d9b0e08aeea13ceb7ef7b41e1664f4c81a0958	[log] [tgz]
author	Antoine Pitrou <solipsis@pitrou.net>	Thu Dec 16 17:11:34 2010 +0000
committer	Antoine Pitrou <solipsis@pitrou.net>	Thu Dec 16 17:11:34 2010 +0000
tree	d379f344ae0262c6161541e62069f646bae7fb95
parent	fd1cf6f8322eb34063ecad81422d0df032a8bcfc [diff] [blame]