
Author orsenthil
Recipients m.sucajtys, orsenthil, pitrou, rosslagerwall, vstinner
Date 2010-12-16.17:06:15
Message-id <20101216170549.GD7964@rubuntu>
In-reply-to <1292508126.3689.2.camel@localhost.localdomain>
Content
On Thu, Dec 16, 2010 at 02:02:10PM +0000, Antoine Pitrou wrote:
> I don't think you understood the issue here. Calling readline() without
> a maximum length means the process memory potentially explodes, if the
> server sends gigabytes of data without a single "\n".

Yeah, I seem to have misunderstood the issue.  Even if the response was
an *invalid* one but it was huge data without \n, the readline call
would just explode.

- reading chunked response is doing a readline call too.

Both of these need to be addressed by having a limit on reading.

I thought readline() is being called only when parsing headers which
should almost always have CRLF (or at least LF) and thought valid
responses always start with headers.
History
Date User Action Args
2010-12-16 17:06:23 orsenthil set recipients: + orsenthil, pitrou, vstinner, m.sucajtys, rosslagerwall
2010-12-16 17:06:15 orsenthil link issue6791 messages
2010-12-16 17:06:15 orsenthil create
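
The read limit discussed in the message above, as an added example (not code from the issue or from CPython): a bounded readline applied to the status line, the header lines and the chunk-size line of a chunked body. `MAX_LINE`, `LineTooLong` and the function names are illustrative assumptions, and the sample responses are constructed.

```python
import io

MAX_LINE = 65536  # assumed cap for a single status, header or chunk-size line


class LineTooLong(Exception):
    """Raised when the peer sends a line longer than the configured limit."""


def read_bounded_line(fp, what, limit=MAX_LINE):
    # readline(n) returns at "\n" or after n bytes, whichever comes first, so
    # asking for limit+1 bytes bounds memory and still detects an overlong line.
    line = fp.readline(limit + 1)
    if len(line) > limit:
        raise LineTooLong(f"{what} exceeds {limit} bytes")
    return line


def read_headers(fp, limit=MAX_LINE):
    """Read the status line and header lines, each with a length limit."""
    status = read_bounded_line(fp, "status line", limit)
    headers = []
    while True:
        line = read_bounded_line(fp, "header line", limit)
        if line in (b"\r\n", b"\n", b""):  # blank line or EOF ends the headers
            return status, headers
        headers.append(line)


def read_chunk_size(fp, limit=MAX_LINE):
    """Read the chunk-size line of a chunked body with the same limit."""
    line = read_bounded_line(fp, "chunk size", limit)
    size_field = line.split(b";", 1)[0].strip()  # drop any chunk extension
    return int(size_field, 16)


def demo():
    # Constructed inputs: one well-formed response, one with no "\n" at all.
    good = io.BytesIO(b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n1a;ext=1\r\n")
    status, headers = read_headers(good)
    size = read_chunk_size(good)
    bad = io.BytesIO(b"A" * 1_000_000)
    try:
        read_headers(bad, limit=1024)
        rejected = False
    except LineTooLong:
        rejected = True
    return status, headers, size, rejected, bad.tell()
```

On the newline-free input only `limit + 1` bytes are pulled from the stream before the read is rejected, which is the property an unbounded `readline()` lacks.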