This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: httplib tunnel infinite loop
Type: crash Stage: resolved
Components: Library (Lib) Versions: Python 3.2, Python 3.3, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: orsenthil Nosy List: luzakiru, orsenthil, python-dev, rosslagerwall, terry.reedy
Priority: normal Keywords: patch

Created on 2011-12-30 15:56 by luzakiru, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
httplib.patch luzakiru, 2011-12-30 15:56 httplib.py patch for 2.7.2 consistent with rest of file
Messages (6)
msg150383 - (view) Author: (luzakiru) Date: 2011-12-30 15:56
readline() can return ''. This is handled in most places in httplib but not when a tunnel is used. It leads to a infinite loop that permanently blocks the program while wasting CPU cycles.

For the patch I simply copied the fix that is used elsewhere in the file where readline() is used. It can be fixed in the same way in 2.6.
msg150403 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2011-12-30 22:24
In 3.2, http.client.py, insertion would be at line 718.
However, only one statement is needed to break. 3.2 elsewhere has
    if line in (b'\r\n', b'\n', b''):
        break
But I note that at 512, there is the code luzakiru patched in. I think that should perhaps be changed to above also, unless bare \n from reading a server is really impossible.

At 313, i found this misformed code:

         if not line:
            # Presumably, the server closed the connection before
            # sending a valid response.
     raise BadStatusLine(line)

[I am curious -- is it really intended to simply throw away the tunnel server response after the first header?]
msg158551 - (view) Author: (luzakiru) Date: 2012-04-17 14:55
Although perhaps not optimal, the patch is consistent with the rest of the code and fixes the reasonably severe issue. Could this patch be applied in lieu of a better one that can come later?
msg159036 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2012-04-23 15:57
New changeset 790ae45b52be by Senthil Kumaran in branch '2.7':
Fix for Issue13684 - httplib tunnel infinite loop
http://hg.python.org/cpython/rev/790ae45b52be

New changeset 7787a9aebdc6 by Senthil Kumaran in branch '3.2':
3.2 - Fix for Issue13684 - httplib tunnel infinite loop
http://hg.python.org/cpython/rev/7787a9aebdc6

New changeset f98fb46ff273 by Senthil Kumaran in branch '2.7':
news for issue13684
http://hg.python.org/cpython/rev/f98fb46ff273

New changeset 26631c56d81f by Senthil Kumaran in branch '3.2':
news for issue13684
http://hg.python.org/cpython/rev/26631c56d81f

New changeset 1acb252a3858 by Senthil Kumaran in branch 'default':
3.2 - Fix for Issue13684 - httplib tunnel infinite loop
http://hg.python.org/cpython/rev/1acb252a3858

New changeset 246abd64e830 by Senthil Kumaran in branch 'default':
news for issue13684
http://hg.python.org/cpython/rev/246abd64e830
msg159563 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2012-04-29 02:21
New changeset 685c1db976c4 by Senthil Kumaran in branch '2.7':
httplib test for early eof response. related to Issue13684
http://hg.python.org/cpython/rev/685c1db976c4

New changeset afabb0635b15 by Senthil Kumaran in branch '3.2':
httplib test for early eof response. related to Issue13684
http://hg.python.org/cpython/rev/afabb0635b15

New changeset cfff6a53f4a3 by Senthil Kumaran in branch 'default':
httplib test for early eof response. related to Issue13684
http://hg.python.org/cpython/rev/cfff6a53f4a3
msg159564 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2012-04-29 02:26
I added a simple test for the early eof condition. It is not specific under _tunnel. I find that Mocks yet to be written that cover the response from httplib ( the mocks in the tests -httplib,urllib2), have their own overridden read() method which may not cover this scenario).  The early eof test may be helpful to some extent as general test case. I am closing this bug report as fix has been covered.
History
Date User Action Args
2022-04-11 14:57:25adminsetgithub: 57893
2013-02-24 20:47:19pitrousetstatus: open -> closed
stage: patch review -> resolved
2012-04-29 02:26:00orsenthilsetresolution: fixed
messages: + msg159564
2012-04-29 02:21:49python-devsetmessages: + msg159563
2012-04-23 15:57:06python-devsetnosy: + python-dev
messages: + msg159036
2012-04-19 15:24:38orsenthilsetassignee: orsenthil
2012-04-17 14:55:38luzakirusetmessages: + msg158551
2012-01-02 15:01:44rosslagerwallsetnosy: + rosslagerwall
2011-12-30 22:24:54terry.reedysetnosy: + terry.reedy
messages: + msg150403
2011-12-30 20:17:18pitrousetnosy: + orsenthil
stage: patch review

versions: + Python 3.2, Python 3.3, - Python 2.6
2011-12-30 15:56:26luzakirucreate