Author rosslagerwall
Recipients rosslagerwall
Date 2010-12-16.04:48:09
SpamBayes Score 0.00207023
Marked as misclassified No
Message-id <1292474891.55.0.351573149453.issue10714@psf.upfronthosting.co.za>
In-reply-to
Content
BaseHTTPRequestHandler in http.server does not limit the length of the request line so a malicious client can cause the server to run out of memory with a malicious request.

This patch limits the length to 64K (like Apache) and sends Error 414 if it exceeds this.
History
Date User Action Args
2010-12-16 04:48:11rosslagerwallsetrecipients: + rosslagerwall
2010-12-16 04:48:11rosslagerwallsetmessageid: <1292474891.55.0.351573149453.issue10714@psf.upfronthosting.co.za>
2010-12-16 04:48:10rosslagerwalllinkissue10714 messages
2010-12-16 04:48:10rosslagerwallcreate