Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer

upon malformed POST request.
2012-02-18 14:53:41 +01:00 · 2012-02-18 14:53:41 +01:00 · cd96b4f1ff
parent ead1de2f03 ec1712a166
commit cd96b4f1ff
3 changed files with 15 additions and 7 deletions
--- a/Lib/test/test_xmlrpc.py
+++ b/Lib/test/test_xmlrpc.py
@ -474,12 +474,7 @@ class BaseServerTestCase(unittest.TestCase):

    def tearDown(self):
        # wait on the server thread to terminate
-        self.evt.wait(4.0)
-        # XXX this code does not work, and in fact stop_serving doesn't exist.
-        if not self.evt.is_set():
-            self.evt.set()
-            stop_serving()
-            raise RuntimeError("timeout reached, test has failed")
+        self.evt.wait()

        # disable traceback reporting
        xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
@ -626,6 +621,13 @@ class SimpleServerTestCase(BaseServerTestCase):
        server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
        self.assertEqual(server.add("a", "\xe9"), "a\xe9")

+    def test_partial_post(self):
+        # Check that a partial POST doesn't make the server loop: issue #14001.
+        conn = http.client.HTTPConnection(ADDR, PORT)
+        conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
+        conn.close()
+
+
 class MultiPathServerTestCase(BaseServerTestCase):
    threadFunc = staticmethod(http_multi_server)
    request_count = 2
--- a/Lib/xmlrpc/server.py
+++ b/Lib/xmlrpc/server.py
@ -474,7 +474,10 @@ class SimpleXMLRPCRequestHandler(BaseHTTPRequestHandler):
            L = []
            while size_remaining:
                chunk_size = min(size_remaining, max_chunk_size)
-                L.append(self.rfile.read(chunk_size))
+                chunk = self.rfile.read(chunk_size)
+                if not chunk:
+                    break
+                L.append(chunk)
                size_remaining -= len(L[-1])
            data = b''.join(L)

--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -116,6 +116,9 @@ Core and Builtins
 Library
 -------

+- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+  SimpleXMLRPCServer upon malformed POST request.
+
 - Issue #2489: pty.spawn could consume 100% cpu when it encountered an EOF.

 - Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().