This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author rosslagerwall
Recipients BreamoreBoy, m.sucajtys, orsenthil, rosslagerwall, vstinner
Date 2010-12-15.09:46:16
SpamBayes Score 3.15278e-05
Marked as misclassified No
Message-id <1292406378.83.0.73114508743.issue6791@psf.upfronthosting.co.za>
In-reply-to
Content
Attached is a unit test which tests the issue.
Unfortunately, since it uses the resource module to limit memory to a workable size, it will only work on Unix.

The given patch appears to fix the issue well.

I think this should be taken as a security issue (even if a rather odd one) since a malicious http server could be set up in place of the normal one and crash any http python clients that connect to it.

Eg:
Run: dd if=/dev/zero bs=10M count=1000 | nc -l 8888
And then:

import httplib
h = httplib.HTTPConnection('localhost', 8888)
h.connect()
h.request('GET', '/')
r = h.getresponse()

This should cause python to use up all the memory available.
History
Date User Action Args
2010-12-15 09:46:18rosslagerwallsetrecipients: + rosslagerwall, orsenthil, vstinner, m.sucajtys, BreamoreBoy
2010-12-15 09:46:18rosslagerwallsetmessageid: <1292406378.83.0.73114508743.issue6791@psf.upfronthosting.co.za>
2010-12-15 09:46:16rosslagerwalllinkissue6791 messages
2010-12-15 09:46:16rosslagerwallcreate