This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: wsgiref request length
Type: security Stage: resolved
Components: Library (Lib) Versions: Python 3.3, Python 3.4, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: orsenthil Nosy List: Arfrever, devin, orsenthil, python-dev
Priority: normal Keywords: patch

Created on 2014-09-15 18:06 by devin, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
wsgiref_request_length.patch devin, 2014-09-15 18:06 review
Messages (5)
msg226931 - (view) Author: Devin Cook (devin) Date: 2014-09-15 18:06
BaseHTTPRequestHandler limits request length to prevent DoS. WSGIRequestHandler should probably do the same.

See: http://bugs.python.org/issue10714
msg226986 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2014-09-17 08:03
The patch looks good. Yeah, wsgiref server will see the benefiting of rejecting long url with 414.
msg226987 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2014-09-17 08:33
New changeset 7a4d960fc801 by Senthil Kumaran in branch '2.7':
Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes.
https://hg.python.org/cpython/rev/7a4d960fc801

New changeset a4e0aee1a9b5 by Senthil Kumaran in branch '3.3':
Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes.
https://hg.python.org/cpython/rev/a4e0aee1a9b5

New changeset ba86978c8ab5 by Senthil Kumaran in branch '3.4':
Merge from 3.3
https://hg.python.org/cpython/rev/ba86978c8ab5

New changeset 07b928530cdf by Senthil Kumaran in branch 'default':
Merge from 3.4
https://hg.python.org/cpython/rev/07b928530cdf
msg226988 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2014-09-17 08:35
Thanks, fixed in all versions applicable for security release.
msg227904 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2014-09-30 12:59
New changeset 0d115d14adfd by Georg Brandl in branch '3.2':
Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
https://hg.python.org/cpython/rev/0d115d14adfd
History
Date User Action Args
2022-04-11 14:58:08adminsetgithub: 66609
2014-09-30 12:59:27python-devsetmessages: + msg227904
2014-09-21 09:05:15Arfreversetnosy: + Arfrever
2014-09-17 08:35:19orsenthilsetversions: + Python 2.7, Python 3.3, Python 3.4, Python 3.5
2014-09-17 08:35:04orsenthilsetstatus: open -> closed
messages: + msg226988

assignee: orsenthil
resolution: fixed
stage: resolved
2014-09-17 08:33:02python-devsetnosy: + python-dev
messages: + msg226987
2014-09-17 08:03:21orsenthilsetnosy: + orsenthil
messages: + msg226986
2014-09-15 18:06:26devincreate