You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 lines
1.7 KiB
51 lines
1.7 KiB
|
|
# HG changeset patch |
|
# User Berker Peksag <berker.peksag@gmail.com> |
|
# Date 1407212157 -10800 |
|
# Node ID 5e310c6a8520603bca8bc4b40eaf4f074db47c0d |
|
# Parent 46c7a724b487295257423a69478392cb01ce74e6 |
|
Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more |
|
than 100 headers are read. |
|
|
|
Patch by Jyrki Pulliainen and Daniel Eriksson. |
|
|
|
diff --git a/Lib/httplib.py b/Lib/httplib.py |
|
--- a/Lib/httplib.py |
|
+++ b/Lib/httplib.py |
|
@@ -215,6 +215,10 @@ MAXAMOUNT = 1048576 |
|
# maximal line length when calling readline(). |
|
_MAXLINE = 65536 |
|
|
|
+# maximum amount of headers accepted |
|
+_MAXHEADERS = 100 |
|
+ |
|
+ |
|
class HTTPMessage(mimetools.Message): |
|
|
|
def addheader(self, key, value): |
|
@@ -271,6 +275,8 @@ class HTTPMessage(mimetools.Message): |
|
elif self.seekable: |
|
tell = self.fp.tell |
|
while True: |
|
+ if len(hlist) > _MAXHEADERS: |
|
+ raise HTTPException("got more than %d headers" % _MAXHEADERS) |
|
if tell: |
|
try: |
|
startofline = tell() |
|
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py |
|
--- a/Lib/test/test_httplib.py |
|
+++ b/Lib/test/test_httplib.py |
|
@@ -262,6 +262,13 @@ class BasicTest(TestCase): |
|
if resp.read() != "": |
|
self.fail("Did not expect response from HEAD request") |
|
|
|
+ def test_too_many_headers(self): |
|
+ headers = '\r\n'.join('Header%d: foo' % i for i in xrange(200)) + '\r\n' |
|
+ text = ('HTTP/1.1 200 OK\r\n' + headers) |
|
+ s = FakeSocket(text) |
|
+ r = httplib.HTTPResponse(s) |
|
+ self.assertRaises(httplib.HTTPException, r.begin) |
|
+ |
|
def test_send_file(self): |
|
expected = 'GET /foo HTTP/1.1\r\nHost: example.com\r\n' \ |
|
'Accept-Encoding: identity\r\nContent-Length:'
|
|
|