New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2012-0845 Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request #58209
Comments
A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process to consume excessive amount of CPU. Credit: References: Steps to reproduce:
from xmlrpc.server import SimpleXMLRPCServer
server = SimpleXMLRPCServer(('127.0.0.1', 12345))
server.serve_forever()
Return to 'top' screen and see, how CPU consumption on particular host quickly moves to 100%. B) for v2.7.2 version:
cat s.py from SimpleXMLRPCServer import SimpleXMLRPCServer
server = SimpleXMLRPCServer(('127.0.0.1', 12345))
server.serve_forever() Steps 2) and 3) for v2.7.2 version are identical to |
CVE request: |
SimpleXMLRPCRequestHandler.do_POST() is simply looping on EOF. |
The CVE identifier of CVE-2012-0845 has been assigned to this issue: |
With test. |
The patch looks ok to me. |
As a security issue, it applies to 2.6 and 3.1 as well. |
The test fails on 2.6 and 2.7, because of a EPIPE, which is normal in Exception happened during processing of request from ('127.0.0.1', 47844)
Traceback (most recent call last):
File "/home/cf/python/cpython/Lib/SocketServer.py", line 283, in
_handle_request_noblock
self.process_request(request, client_address)
File "/home/cf/python/cpython/Lib/SocketServer.py", line 309, in
process_request
self.finish_request(request, client_address)
File "/home/cf/python/cpython/Lib/SocketServer.py", line 322, in
finish_request
self.RequestHandlerClass(request, client_address, self)
File "/home/cf/python/cpython/Lib/SocketServer.py", line 617, in __init__
self.handle()
File "/home/cf/python/cpython/Lib/BaseHTTPServer.py", line 329, in handle
self.handle_one_request()
File "/home/cf/python/cpython/Lib/BaseHTTPServer.py", line 323, in
handle_one_request
method()
File "/home/cf/python/cpython/Lib/SimpleXMLRPCServer.py", line 490, in do_POST
self.send_response(200)
File "/home/cf/python/cpython/Lib/BaseHTTPServer.py", line 384, in
send_response
self.send_header('Server', self.version_string())
File "/home/cf/python/cpython/Lib/BaseHTTPServer.py", line 390, in send_header
self.wfile.write("%s: %s\r\n" % (keyword, value))
File "/home/cf/python/cpython/Lib/socket.py", line 318, in write
self.flush()
File "/home/cf/python/cpython/Lib/socket.py", line 297, in flush
self._sock.sendall(buffer(data, write_offset, buffer_size))
error: [Errno 32] Broken pipe
""" What should I do? Remove the test? |
New changeset 24244a744d01 by Charles-François Natali in branch '2.6': New changeset 0c02f30b2538 by Charles-François Natali in branch '2.7': New changeset 4dd5a94fd3e3 by Charles-François Natali in branch '3.1': New changeset cd67740ce653 by Charles-François Natali in branch '3.2': New changeset 5756b295b6fb by Charles-François Natali in branch 'default': |
Committed, thanks! |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: