Issue #16037: Limit httplib's _read_status() function to work around broken

HTTP servers and reduce memory usage. It's actually a backport of a Python 3.2 fix. Thanks to Adrien Kunysz.
2012-09-25 13:29:30 +02:00 · 2012-09-25 13:29:30 +02:00 · 671138f27d
parent d41dc7ce46
commit 671138f27d
2 changed files with 7 additions and 1 deletions
--- a/Lib/httplib.py
+++ b/Lib/httplib.py
@ -362,7 +362,9 @@ class HTTPResponse:

    def _read_status(self):
        # Initialize with Simple-Response defaults
-        line = self.fp.readline()
+        line = self.fp.readline(_MAXLINE + 1)
+        if len(line) > _MAXLINE:
+            raise LineTooLong("header line")
        if self.debuglevel > 0:
            print "reply:", repr(line)
        if not line:
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -9,6 +9,10 @@ What's New in Python 2.7.4
 Core and Builtins
 -----------------

+- Issue #16037: Limit httplib's _read_status() function to work around broken
+  HTTP servers and reduce memory usage. It's actually a backport of a Python
+  3.2 fix. Thanks to Adrien Kunysz.
+
 - Issue #13992: The trashcan mechanism is now thread-safe.  This eliminates
  sporadic crashes in multi-thread programs when several long deallocator
  chains ran concurrently and involved subclasses of built-in container