Issue #26586: Handle excessive header fields in http.server, by Xiang Zhang

Martin Panter 2016-04-03 00:45:46 +00:00
parent af8363926a
commit acc03195b0
3 changed files with 18 additions and 0 deletions


@ -337,6 +337,13 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
HTTPStatus.BAD_REQUEST,
"Line too long")
return False
except http.client.HTTPException as err:
self.send_error(
HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE,
"Too many headers",
str(err)
)
return False
conntype = self.headers.get('Connection', "")
if conntype.lower() == 'close':
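Review bot: The added `except http.client.HTTPException as err:` clause catches the base class, so any HTTPException that escapes header parsing, not only the header-count limit, would be answered with 431 "Too many headers". It is also only correct because it sits after the more specific handler that reports "Line too long" (that clause and the enclosing `try` begin outside the hunk), which is worth recording in a comment such as `# Base class: raised by the header parser when the header-count limit is exceeded; must stay after the LineTooLong clause`. `str(err)` is passed to `send_error` and so reaches the client; presumably it is a fixed library message today, but a comment should state that it must never echo request bytes. The NEWS entry in this commit says "413", while this code and the new test use 431.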


@ -858,6 +858,13 @@ class BaseHTTPRequestHandlerTestCase(unittest.TestCase):
self.assertFalse(self.handler.get_called)
self.assertEqual(self.handler.requestline, 'GET / HTTP/1.1')
def test_too_many_headers(self):
result = self.send_typical_request(
b'GET / HTTP/1.1\r\n' + b'X-Foo: bar\r\n' * 101 + b'\r\n')
self.assertEqual(result[0], b'HTTP/1.1 431 Too many headers\r\n')
self.assertFalse(self.handler.get_called)
self.assertEqual(self.handler.requestline, 'GET / HTTP/1.1')
def test_close_connection(self):
# handle_one_request() should be repeatedly called until
# it sets close_connection
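Review bot: `test_too_many_headers` hard-codes `101`, which silently couples the test to the header limit in http.client; if that limit changes, the test either stops exercising the rejection path or fails for an unrelated reason. Deriving the count from the limit, for example `b'X-Foo: bar\r\n' * (http.client._MAXHEADERS + 1)` (assuming the test module can import http.client), keeps the two aligned. A companion case with exactly the limit that is still served, plus an assertion that the connection is closed after the 431, would pin the boundary and the cleanup behaviour. The following `test_close_connection` continues outside the hunk.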


@ -99,6 +99,10 @@ Core and Builtins
Library
-------
- Issue #26586: In http.server, respond with "413 Request header fields too
large" if there are too many header fields to parse, rather than killing
the connection and raising an unhandled exception. Patch by Xiang Zhang.
- Issue #22854: Change BufferedReader.writable() and
BufferedWriter.readable() to always return False.