mirror of
https://github.com/python/cpython.git
synced 2024-11-27 11:55:13 +08:00
Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
This commit is contained in:
commit
cd96b4f1ff
@ -474,12 +474,7 @@ class BaseServerTestCase(unittest.TestCase):
|
||||
|
||||
def tearDown(self):
|
||||
# wait on the server thread to terminate
|
||||
self.evt.wait(4.0)
|
||||
# XXX this code does not work, and in fact stop_serving doesn't exist.
|
||||
if not self.evt.is_set():
|
||||
self.evt.set()
|
||||
stop_serving()
|
||||
raise RuntimeError("timeout reached, test has failed")
|
||||
self.evt.wait()
|
||||
|
||||
# disable traceback reporting
|
||||
xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
|
||||
@ -626,6 +621,13 @@ class SimpleServerTestCase(BaseServerTestCase):
|
||||
server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
|
||||
self.assertEqual(server.add("a", "\xe9"), "a\xe9")
|
||||
|
||||
def test_partial_post(self):
|
||||
# Check that a partial POST doesn't make the server loop: issue #14001.
|
||||
conn = http.client.HTTPConnection(ADDR, PORT)
|
||||
conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
|
||||
conn.close()
|
||||
|
||||
|
||||
class MultiPathServerTestCase(BaseServerTestCase):
|
||||
threadFunc = staticmethod(http_multi_server)
|
||||
request_count = 2
|
||||
|
@ -474,7 +474,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler):
|
||||
L = []
|
||||
while size_remaining:
|
||||
chunk_size = min(size_remaining, max_chunk_size)
|
||||
L.append(self.rfile.read(chunk_size))
|
||||
chunk = self.rfile.read(chunk_size)
|
||||
if not chunk:
|
||||
break
|
||||
L.append(chunk)
|
||||
size_remaining -= len(L[-1])
|
||||
data = b''.join(L)
|
||||
|
||||
|
@ -116,6 +116,9 @@ Core and Builtins
|
||||
Library
|
||||
-------
|
||||
|
||||
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
|
||||
SimpleXMLRPCServer upon malformed POST request.
|
||||
|
||||
- Issue #2489: pty.spawn could consume 100% cpu when it encountered an EOF.
|
||||
|
||||
- Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
|
||||
|
Loading…
Reference in New Issue
Block a user