[Python-checkins] cpython (2.6): Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
charles-francois.natali
python-checkins at python.org
Sat Feb 18 15:03:10 CET 2012
http://hg.python.org/cpython/rev/24244a744d01
changeset: 75014:24244a744d01
branch: 2.6
parent: 74645:9a4131ada792
user: Charles-François Natali <neologix at free.fr>
date: Sat Feb 18 14:15:38 2012 +0100
summary:
Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
files:
Lib/SimpleXMLRPCServer.py | 5 ++++-
Misc/NEWS | 3 +++
2 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/Lib/SimpleXMLRPCServer.py b/Lib/SimpleXMLRPCServer.py
--- a/Lib/SimpleXMLRPCServer.py
+++ b/Lib/SimpleXMLRPCServer.py
@@ -459,7 +459,10 @@
L = []
while size_remaining:
chunk_size = min(size_remaining, max_chunk_size)
- L.append(self.rfile.read(chunk_size))
+ chunk = self.rfile.read(chunk_size)
+ if not chunk:
+ break
+ L.append(chunk)
size_remaining -= len(L[-1])
data = ''.join(L)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@
Library
-------
+- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+ SimpleXMLRPCServer upon malformed POST request.
+
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list