classification
Title: infinite loop in httplib
Type: behavior Stage:
Components: Library (Lib) Versions: Python 3.0, Python 2.6, Python 2.5
process
Status: closed Resolution: accepted
Dependencies: Superseder:
Assigned To: loewis Nosy List: christian.heimes, jcea, klaas, loewis, orivej
Priority: high Keywords: easy, patch

Created on 2008-01-29 19:14 by klaas, last changed 2008-02-12 18:48 by loewis. This issue is now closed.

Files
File name Uploaded Description Edit
httplib_chunked.patch klaas, 2008-01-29 19:14 patch to fix httplib infinite loop
Messages (4)
msg61824 - (view) Author: Mike Klaas (klaas) Date: 2008-01-29 19:14
There are a small number of sites that do not send the trailing \r\n when 
using chunked transfer encoding (say 1 in 500,000).  This unfortunately, 
causes httplib to go into an infinite loop.

Fixed by checking for EOF (3 line patch)
msg61848 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2008-01-30 09:56
I'm not sure if the patch can get into 2.3 and 2.4. It's up to Martin to
decide.
msg61874 - (view) Author: Mike Klaas (klaas) Date: 2008-01-30 19:13
I wouldn't advocate that it go in to 2.3/2.4.  The only security issue is 
a possible DoS, but I think that is unlikely.  There is already an "attack 
vector" for python code using (timeout-less) httplib by simply returning 
the response very slowly (1byte/sec).
msg62326 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2008-02-12 18:48
Thanks for the patch. Committed as r60747 and r60748.
History
Date User Action Args
2008-12-02 20:12:03amaury.forgeotdarclinkissue1772481 superseder
2008-02-12 18:48:48loewissetstatus: open -> closed
resolution: accepted
messages: + msg62326
2008-02-07 14:22:43orivejsetnosy: + orivej
2008-01-30 19:35:09loewissetversions: - Python 2.4, Python 2.3
2008-01-30 19:13:09klaassetmessages: + msg61874
2008-01-30 16:44:48jceasetnosy: + jcea
2008-01-30 09:56:09christian.heimessetpriority: high
assignee: loewis
messages: + msg61848
keywords: + patch, easy
nosy: + loewis, christian.heimes
2008-01-29 19:14:08klaascreate