Matej Cepl
3cfc9f2646
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch which fixes http client infinite line reading (DoS) after a http 100 (bpo#44022, boo#1189241). OBS-URL: https://build.opensuse.org/request/show/911127 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=296
22 lines
825 B
Diff
22 lines
825 B
Diff
--- a/Lib/httplib.py
|
|
+++ b/Lib/httplib.py
|
|
@@ -449,6 +449,7 @@ class HTTPResponse:
|
|
if status != CONTINUE:
|
|
break
|
|
# skip the header from the 100 response
|
|
+ header_count = 0
|
|
while True:
|
|
skip = self.fp.readline(_MAXLINE + 1)
|
|
if len(skip) > _MAXLINE:
|
|
@@ -458,6 +459,10 @@ class HTTPResponse:
|
|
break
|
|
if self.debuglevel > 0:
|
|
print "header:", skip
|
|
+ # bpo-44022: Fix http client infinite line reading (DoS) after a http 100
|
|
+ header_count += 1
|
|
+ if header_count > _MAXHEADERS:
|
|
+ raise HTTPException("got more than %d headers" % _MAXHEADERS)
|
|
|
|
self.status = status
|
|
self.reason = reason.strip()
|