Issue 22419: wsgiref request length

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/66609

classification

Title:	wsgiref request length
Type:	security	Stage:	resolved
Components:	Library (Lib)	Versions:	Python 3.3, Python 3.4, Python 3.5, Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	orsenthil	Nosy List:	Arfrever, devin, orsenthil, python-dev
Priority:	normal	Keywords:	patch

Created on 2014-09-15 18:06 by devin, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
wsgiref_request_length.patch	devin, 2014-09-15 18:06		review

Messages (5)
msg226931 - (view)	Author: Devin Cook (devin)	Date: 2014-09-15 18:06
BaseHTTPRequestHandler limits request length to prevent DoS. WSGIRequestHandler should probably do the same. See: http://bugs.python.org/issue10714
msg226986 - (view)	Author: Senthil Kumaran (orsenthil) *	Date: 2014-09-17 08:03
The patch looks good. Yeah, wsgiref server will see the benefiting of rejecting long url with 414.
msg226987 - (view)	Author: Roundup Robot (python-dev)	Date: 2014-09-17 08:33
New changeset 7a4d960fc801 by Senthil Kumaran in branch '2.7': Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes. https://hg.python.org/cpython/rev/7a4d960fc801 New changeset a4e0aee1a9b5 by Senthil Kumaran in branch '3.3': Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes. https://hg.python.org/cpython/rev/a4e0aee1a9b5 New changeset ba86978c8ab5 by Senthil Kumaran in branch '3.4': Merge from 3.3 https://hg.python.org/cpython/rev/ba86978c8ab5 New changeset 07b928530cdf by Senthil Kumaran in branch 'default': Merge from 3.4 https://hg.python.org/cpython/rev/07b928530cdf
msg226988 - (view)	Author: Senthil Kumaran (orsenthil) *	Date: 2014-09-17 08:35
Thanks, fixed in all versions applicable for security release.
msg227904 - (view)	Author: Roundup Robot (python-dev)	Date: 2014-09-30 12:59
New changeset 0d115d14adfd by Georg Brandl in branch '3.2': Issue #22419: Limit the length of incoming HTTP request in wsgiref server to https://hg.python.org/cpython/rev/0d115d14adfd

History
Date	User	Action	Args
2022-04-11 14:58:08	admin	set	github: 66609
2014-09-30 12:59:27	python-dev	set	messages: + msg227904
2014-09-21 09:05:15	Arfrever	set	nosy: + Arfrever
2014-09-17 08:35:19	orsenthil	set	versions: + Python 2.7, Python 3.3, Python 3.4, Python 3.5
2014-09-17 08:35:04	orsenthil	set	status: open -> closed messages: + msg226988 assignee: orsenthil resolution: fixed stage: resolved
2014-09-17 08:33:02	python-dev	set	nosy: + python-dev messages: + msg226987
2014-09-17 08:03:21	orsenthil	set	nosy: + orsenthil messages: + msg226986
2014-09-15 18:06:26	devin	create