Author gregory.p.smith
Recipients christian.heimes, gen-xu, gregory.p.smith, leveryd, lukasz.langa, miss-islington, ned.deily
Date 2021-05-07.17:39:21
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1620409161.98.0.123285001257.issue44022@roundup.psfhosted.org>
In-reply-to
Content
httplib.py is a Python 2 concept.  Python 2 is end of life.  bugs.python.org no longer tracks issues with its code.  I don't doubt that Python 2.7 has bugs.  As a matter of policy, we don't care - https://www.python.org/doc/sunset-python-2/.  Python 3.6 as that is the oldest branch still open for security fixes.

The PRs associated with this issue fixed a codepath in Python 3 that only happened after a '100' response.  That codepath did not accumulate headers:

```
            if status != CONTINUE:
                break
            # skip the header from the 100 response
            while True:
                skip = self.fp.readline(_MAXLINE + 1)
                if len(skip) > _MAXLINE:
                    raise LineTooLong("header line")
                skip = skip.strip()
                if not skip:
                    break
```

CONTINUE = 100; meaning that loop only runs after receiving what appears to be a 100 continue response.  And it does not accumulate data.

There is no `hlist` in the original pre-fix Python 3.6+ code.  Nor any header accumulation caused by this the client.py talking to evil_server.py as described in this issues opening message.
History
Date User Action Args
2021-05-07 17:39:22gregory.p.smithsetrecipients: + gregory.p.smith, christian.heimes, ned.deily, lukasz.langa, miss-islington, leveryd, gen-xu
2021-05-07 17:39:21gregory.p.smithsetmessageid: <1620409161.98.0.123285001257.issue44022@roundup.psfhosted.org>
2021-05-07 17:39:21gregory.p.smithlinkissue44022 messages
2021-05-07 17:39:21gregory.p.smithcreate