wsgiref request length #66609

Closed
devin mannequin opened this issue Sep 15, 2014 · 5 comments
Labels: stdlib (Python modules in the Lib dir), type-security (A security issue)

Comments

@devin
Mannequin

devin mannequin commented Sep 15, 2014

BPO 22419
Nosy @orsenthil
Files
  • wsgiref_request_length.patch
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    assignee = 'https://github.com/orsenthil'
    closed_at = <Date 2014-09-17.08:35:04.787>
    created_at = <Date 2014-09-15.18:06:26.234>
    labels = ['type-security', 'library']
    title = 'wsgiref request length'
    updated_at = <Date 2014-09-30.12:59:27.317>
    user = 'https://bugs.python.org/devin'

    bugs.python.org fields:

    activity = <Date 2014-09-30.12:59:27.317>
    actor = 'python-dev'
    assignee = 'orsenthil'
    closed = True
    closed_date = <Date 2014-09-17.08:35:04.787>
    closer = 'orsenthil'
    components = ['Library (Lib)']
    creation = <Date 2014-09-15.18:06:26.234>
    creator = 'devin'
    dependencies = []
    files = ['36626']
    hgrepos = []
    issue_num = 22419
    keywords = ['patch']
    message_count = 5.0
    messages = ['226931', '226986', '226987', '226988', '227904']
    nosy_count = 4.0
    nosy_names = ['orsenthil', 'Arfrever', 'devin', 'python-dev']
    pr_nums = []
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'security'
    url = 'https://bugs.python.org/issue22419'
    versions = ['Python 2.7', 'Python 3.3', 'Python 3.4', 'Python 3.5']

    @devin
    Mannequin Author

    devin mannequin commented Sep 15, 2014

    BaseHTTPRequestHandler limits request length to prevent DoS. WSGIRequestHandler should probably do the same.

    See: http://bugs.python.org/issue10714

    @devin devin mannequin added the stdlib (Python modules in the Lib dir) and type-security (A security issue) labels Sep 15, 2014
    @orsenthil
    Member

    The patch looks good. Yeah, wsgiref server will see the benefit of rejecting long URLs with 414.

    @python-dev
    Mannequin

    python-dev mannequin commented Sep 17, 2014

    New changeset 7a4d960fc801 by Senthil Kumaran in branch '2.7':
    Issue bpo-22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes.
    https://hg.python.org/cpython/rev/7a4d960fc801

    New changeset a4e0aee1a9b5 by Senthil Kumaran in branch '3.3':
    Issue bpo-22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes.
    https://hg.python.org/cpython/rev/a4e0aee1a9b5

    New changeset ba86978c8ab5 by Senthil Kumaran in branch '3.4':
    Merge from 3.3
    https://hg.python.org/cpython/rev/ba86978c8ab5

    New changeset 07b928530cdf by Senthil Kumaran in branch 'default':
    Merge from 3.4
    https://hg.python.org/cpython/rev/07b928530cdf

    @orsenthil
    Member

    Thanks, fixed in all versions applicable for security release.

    @orsenthil orsenthil self-assigned this Sep 17, 2014
    @python-dev
    Mannequin

    python-dev mannequin commented Sep 30, 2014

    New changeset 0d115d14adfd by Georg Brandl in branch '3.2':
    Issue bpo-22419: Limit the length of incoming HTTP request in wsgiref server to
    https://hg.python.org/cpython/rev/0d115d14adfd

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
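
A way to confirm the behaviour the changesets describe, as an added example that is not part of the issue, its patch, or CPython: it feeds constructed requests to the standard library's `WSGIRequestHandler` over an in-memory connection and reads back the status code, so a request line of at most 65536 bytes reaches the application and a longer one is answered with 414. `FakeSocket`, `FakeServer`, `hello_app`, `QuietHandler`, `make_request` and `status_for` are hypothetical names, and the code assumes Python 3.6 or later, where the handler writes responses through the socket's `sendall`.

```python
import io
from wsgiref.simple_server import WSGIRequestHandler

LIMIT = 65536  # request-line cap stated in the changesets above

class FakeSocket:
    """Constructed in-memory client connection; no network is used."""
    def __init__(self, data):
        self._rfile, self.sent = io.BytesIO(data), bytearray()
    def makefile(self, mode, bufsize=-1):
        return self._rfile          # the handler only asks for the 'rb' side
    def sendall(self, data):
        self.sent += data           # capture what the server would send

class FakeServer:
    """Hypothetical stand-in for WSGIServer: only what the handler reads."""
    base_environ = {"SERVER_NAME": "localhost", "SERVER_PORT": "80",
                    "SCRIPT_NAME": "", "GATEWAY_INTERFACE": "CGI/1.1"}
    def get_app(self):
        return hello_app

def hello_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

class QuietHandler(WSGIRequestHandler):
    def log_message(self, *args):   # suppress per-request stderr logging
        pass

def make_request(line_len):
    """Constructed GET request whose first line is exactly line_len bytes."""
    pad = b"a" * (line_len - len(b"GET / HTTP/1.1\r\n"))
    return b"GET /" + pad + b" HTTP/1.1\r\nHost: localhost\r\n\r\n"

def status_for(line_len):
    """Feed one request to the real wsgiref handler; return its status code."""
    sock = FakeSocket(make_request(line_len))
    QuietHandler(sock, ("127.0.0.1", 0), FakeServer())  # handles on construction
    return int(bytes(sock.sent).split(b" ", 2)[1])

if __name__ == "__main__":
    for n in (64, LIMIT, LIMIT + 1, 4 * LIMIT):
        print(n, "->", status_for(n))
```

The lengths count the whole request line including its trailing CRLF, which is what the handler's bounded `readline` measures.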