[Python-checkins] cpython (merge 2.6 -> 2.7): Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer

charles-francois.natali python-checkins at python.org
Sat Feb 18 15:03:11 CET 2012 

http://hg.python.org/cpython/rev/0c02f30b2538
changeset:   75015:0c02f30b2538
branch:      2.7
parent:      75009:7052eb923fb8
parent:      75014:24244a744d01
user:        Charles-François Natali <neologix at free.fr>
date:        Sat Feb 18 14:30:34 2012 +0100
summary:
  Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.

files:
  Lib/SimpleXMLRPCServer.py |  5 ++++-
  Lib/test/test_xmlrpc.py   |  6 ++++++
  Misc/NEWS                 |  3 +++
  3 files changed, 13 insertions(+), 1 deletions(-)


diff --git a/Lib/SimpleXMLRPCServer.py b/Lib/SimpleXMLRPCServer.py
--- a/Lib/SimpleXMLRPCServer.py
+++ b/Lib/SimpleXMLRPCServer.py
@@ -486,7 +486,10 @@
             L = []
             while size_remaining:
                 chunk_size = min(size_remaining, max_chunk_size)
-                L.append(self.rfile.read(chunk_size))
+                chunk = self.rfile.read(chunk_size)
+                if not chunk:
+                    break
+                L.append(chunk)
                 size_remaining -= len(L[-1])
             data = ''.join(L)
 
diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
--- a/Lib/test/test_xmlrpc.py
+++ b/Lib/test/test_xmlrpc.py
@@ -589,6 +589,12 @@
         # This avoids waiting for the socket timeout.
         self.test_simple1()
 
+    def test_partial_post(self):
+        # Check that a partial POST doesn't make the server loop: issue #14001.
+        conn = httplib.HTTPConnection(ADDR, PORT)
+        conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
+        conn.close()
+
 class MultiPathServerTestCase(BaseServerTestCase):
     threadFunc = staticmethod(http_multi_server)
     request_count = 2
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -93,6 +93,9 @@
 Library
 -------
 
+- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
+  SimpleXMLRPCServer upon malformed POST request.
+
 - Issue #2489: pty.spawn could consume 100% cpu when it encountered an EOF.
 
 - Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list