[New-bugs-announce] [issue10714] httpserver request length
Ross Lagerwall
report at bugs.python.org
Thu Dec 16 05:48:11 CET 2010
New submission from Ross Lagerwall <rosslagerwall at gmail.com>:
BaseHTTPRequestHandler in http.server does not limit the length of the request line so a malicious client can cause the server to run out of memory with a malicious request.
This patch limits the length to 64K (like Apache) and sends Error 414 if it exceeds this.
----------
components: Library (Lib)
files: httpserver_py3k.patch
keywords: patch
messages: 124106
nosy: rosslagerwall
priority: normal
severity: normal
status: open
title: httpserver request length
type: security
versions: Python 3.2
Added file: http://bugs.python.org/file20074/httpserver_py3k.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10714>
_______________________________________
More information about the New-bugs-announce
mailing list