diff options
| author | Georg Brandl <georg@python.org> | 2013-10-27 07:34:48 +0100 |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2013-10-27 07:34:48 +0100 |
| commit | bf3f8eb9602154c9434cd82e61d1b103c30615f0 (patch) | |
| tree | d5df932a151efb3f0fbe49de78cbc96956dcd91e /Lib/http | |
| parent | 28e78414f9175774f26d8c564c7c1d3b078f99de (diff) | |
| download | cpython-git-bf3f8eb9602154c9434cd82e61d1b103c30615f0.tar.gz | |
Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen.
Diffstat (limited to 'Lib/http')
| -rw-r--r-- | Lib/http/client.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py index b72cf0891e..cc452e2f52 100644 --- a/Lib/http/client.py +++ b/Lib/http/client.py @@ -214,6 +214,8 @@ MAXAMOUNT = 1048576 # maximal line length when calling readline(). _MAXLINE = 65536 +_MAXHEADERS = 100 + class HTTPMessage(email.message.Message): # XXX The only usage of this method is in @@ -261,6 +263,8 @@ def parse_headers(fp, _class=HTTPMessage): if len(line) > _MAXLINE: raise LineTooLong("header line") headers.append(line) + if len(headers) > _MAXHEADERS: + raise HTTPException("got more than %d headers" % _MAXHEADERS) if line in (b'\r\n', b'\n', b''): break hstring = b''.join(headers).decode('iso-8859-1') |