[Python-checkins] cpython (3.1): Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
charles-francois.natali
python-checkins at python.org
Sat Feb 18 15:03:12 CET 2012
http://hg.python.org/cpython/rev/4dd5a94fd3e3
changeset: 75016:4dd5a94fd3e3
branch: 3.1
parent: 74744:813a34170ac5
user: Charles-François Natali <neologix at free.fr>
date: Sat Feb 18 14:42:57 2012 +0100
summary:
Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
files:
Lib/xmlrpc/server.py | 5 ++++-
Misc/NEWS | 3 +++
2 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
--- a/Lib/xmlrpc/server.py
+++ b/Lib/xmlrpc/server.py
@@ -449,7 +449,10 @@
L = []
while size_remaining:
chunk_size = min(size_remaining, max_chunk_size)
- L.append(self.rfile.read(chunk_size))
+ chunk = self.rfile.read(chunk_size)
+ if not chunk:
+ break
+ L.append(chunk)
size_remaining -= len(L[-1])
data = b''.join(L)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@
Library
-------
+- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+ SimpleXMLRPCServer upon malformed POST request.
+
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list