From 671138f27dcdc3d259e85f7603acf01a46a44515 Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Tue, 25 Sep 2012 13:29:30 +0200 Subject: [PATCH] Issue #16037: Limit httplib's _read_status() function to work around broken HTTP servers and reduce memory usage. It's actually a backport of a Python 3.2 fix. Thanks to Adrien Kunysz. --- Lib/httplib.py | 4 +++- Misc/NEWS | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Lib/httplib.py b/Lib/httplib.py index 98296dc3c52..4c8b0fe2091 100644 --- a/Lib/httplib.py +++ b/Lib/httplib.py @@ -362,7 +362,9 @@ class HTTPResponse: def _read_status(self): # Initialize with Simple-Response defaults - line = self.fp.readline() + line = self.fp.readline(_MAXLINE + 1) + if len(line) > _MAXLINE: + raise LineTooLong("header line") if self.debuglevel > 0: print "reply:", repr(line) if not line: diff --git a/Misc/NEWS b/Misc/NEWS index 26930720389..fdd84fe167f 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -9,6 +9,10 @@ What's New in Python 2.7.4 Core and Builtins ----------------- +- Issue #16037: Limit httplib's _read_status() function to work around broken + HTTP servers and reduce memory usage. It's actually a backport of a Python + 3.2 fix. Thanks to Adrien Kunysz. + - Issue #13992: The trashcan mechanism is now thread-safe. This eliminates sporadic crashes in multi-thread programs when several long deallocator chains ran concurrently and involved subclasses of built-in container
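Review bot: The new guard in `_read_status()` raises `LineTooLong("header line")`, but the line read at that point is the response's status line, so anyone triaging an oversized-response error from an untrusted or broken server is pointed at the wrong part of the response; `raise LineTooLong("status line")` would label it correctly. The diffstat lists only `Lib/httplib.py` and `Misc/NEWS`, so the bound ships without a regression test; a case that feeds a status line longer than `_MAXLINE` through a fake socket and asserts `LineTooLong` would keep the memory cap from being dropped unnoticed in a later refactor. A one-line comment above the read, such as `# Cap the status line: the peer is untrusted and an unbounded readline() buffers until a newline arrives`, would record why the limit exists. `_read_status()` continues past the end of the hunk, so whether its callers also bound how many status lines they will read cannot be judged from here.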