Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(343)

Side by Side Diff: Lib/xmlrpc/server.py

Issue 14001: Python v2.7.2 / v3.2.2 (SimpleXMLRPCServer): DoS (excessive CPU usage) by processing malformed XMLRPC / HTTP POST request
Patch Set: Created 7 years, 3 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Lib/test/test_xmlrpc.py ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 """XML-RPC Servers. 1 """XML-RPC Servers.
2 2
3 This module can be used to create simple XML-RPC servers 3 This module can be used to create simple XML-RPC servers
4 by creating a server and either installing functions, a 4 by creating a server and either installing functions, a
5 class instance, or by extending the SimpleXMLRPCServer 5 class instance, or by extending the SimpleXMLRPCServer
6 class. 6 class.
7 7
8 It can also be used to handle XML-RPC requests in a CGI 8 It can also be used to handle XML-RPC requests in a CGI
9 environment using CGIXMLRPCRequestHandler. 9 environment using CGIXMLRPCRequestHandler.
10 10
(...skipping 458 matching lines...) Expand 10 before | Expand all | Expand 10 after
469 try: 469 try:
470 # Get arguments by reading body of request. 470 # Get arguments by reading body of request.
471 # We read this in chunks to avoid straining 471 # We read this in chunks to avoid straining
472 # socket.read(); around the 10 or 15Mb mark, some platforms 472 # socket.read(); around the 10 or 15Mb mark, some platforms
473 # begin to have problems (bug #792570). 473 # begin to have problems (bug #792570).
474 max_chunk_size = 10*1024*1024 474 max_chunk_size = 10*1024*1024
475 size_remaining = int(self.headers["content-length"]) 475 size_remaining = int(self.headers["content-length"])
476 L = [] 476 L = []
477 while size_remaining: 477 while size_remaining:
478 chunk_size = min(size_remaining, max_chunk_size) 478 chunk_size = min(size_remaining, max_chunk_size)
479 L.append(self.rfile.read(chunk_size)) 479 chunk = self.rfile.read(chunk_size)
480 if not chunk:
481 break
482 L.append(chunk)
480 size_remaining -= len(L[-1]) 483 size_remaining -= len(L[-1])
481 data = b''.join(L) 484 data = b''.join(L)
482 485
483 data = self.decode_request_content(data) 486 data = self.decode_request_content(data)
484 if data is None: 487 if data is None:
485 return #response has been sent 488 return #response has been sent
486 489
487 # In previous versions of SimpleXMLRPCServer, _dispatch 490 # In previous versions of SimpleXMLRPCServer, _dispatch
488 # could be overridden in this class, instead of in 491 # could be overridden in this class, instead of in
489 # SimpleXMLRPCDispatcher. To maintain backwards compatibility, 492 # SimpleXMLRPCDispatcher. To maintain backwards compatibility,
(...skipping 474 matching lines...) Expand 10 before | Expand all | Expand 10 after
964 server = SimpleXMLRPCServer(("localhost", 8000)) 967 server = SimpleXMLRPCServer(("localhost", 8000))
965 server.register_function(pow) 968 server.register_function(pow)
966 server.register_function(lambda x,y: x+y, 'add') 969 server.register_function(lambda x,y: x+y, 'add')
967 print('Serving XML-RPC on localhost port 8000') 970 print('Serving XML-RPC on localhost port 8000')
968 try: 971 try:
969 server.serve_forever() 972 server.serve_forever()
970 except KeyboardInterrupt: 973 except KeyboardInterrupt:
971 print("\nKeyboard interrupt received, exiting.") 974 print("\nKeyboard interrupt received, exiting.")
972 server.server_close() 975 server.server_close()
973 sys.exit(0) 976 sys.exit(0)
OLDNEW
« no previous file with comments | « Lib/test/test_xmlrpc.py ('k') | no next file » | no next file with comments »

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+