Message 124106 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	rosslagerwall
Recipients	rosslagerwall
Date	2010-12-16.04:48:09
SpamBayes Score	0.002070229
Marked as misclassified	No
Message-id	<1292474891.55.0.351573149453.issue10714@psf.upfronthosting.co.za>
In-reply-to

Content
BaseHTTPRequestHandler in http.server does not limit the length of the request line so a malicious client can cause the server to run out of memory with a malicious request. This patch limits the length to 64K (like Apache) and sends Error 414 if it exceeds this.

BaseHTTPRequestHandler in http.server does not limit the length of the request line so a malicious client can cause the server to run out of memory with a malicious request.

This patch limits the length to 64K (like Apache) and sends Error 414 if it exceeds this.

History
Date	User	Action	Args
2010-12-16 04:48:11	rosslagerwall	set	recipients: + rosslagerwall
2010-12-16 04:48:11	rosslagerwall	set	messageid: <1292474891.55.0.351573149453.issue10714@psf.upfronthosting.co.za>
2010-12-16 04:48:10	rosslagerwall	link	issue10714 messages
2010-12-16 04:48:10	rosslagerwall	create