Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than

100 headers are read. Adapted from patch by Jyrki Pulliainen.
author: Georg Brandl <georg@python.org> 2014-09-30 14:08:04 +0200
committer: Georg Brandl <georg@python.org> 2014-09-30 14:08:04 +0200
commit: f0746ca46376647993a47e24051a80fdf679014a (patch)
tree: 55faff27b29f3afe16e29c56f382f1572b7e791f /Lib/http
parent: ec3c103520a5061e657581b388e2b8ba6f74602a (diff)
download: cpython-git-f0746ca46376647993a47e24051a80fdf679014a.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/Lib/http/client.py b/Lib/http/client.py
index 5466d0618d..f398a64a9f 100644
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -206,6 +206,8 @@ MAXAMOUNT = 1048576
 
 # maximal line length when calling readline().
 _MAXLINE = 65536
+_MAXHEADERS = 100
+
 
 class HTTPMessage(email.message.Message):
     # XXX The only usage of this method is in
@@ -253,6 +255,8 @@ def parse_headers(fp, _class=HTTPMessage):
         if len(line) > _MAXLINE:
             raise LineTooLong("header line")
         headers.append(line)
+        if len(headers) > _MAXHEADERS:
+            raise HTTPException("got more than %d headers" % _MAXHEADERS)
         if line in (b'\r\n', b'\n', b''):
             break
     hstring = b''.join(headers).decode('iso-8859-1')
author	Georg Brandl <georg@python.org>	2014-09-30 14:08:04 +0200
committer	Georg Brandl <georg@python.org>	2014-09-30 14:08:04 +0200
commit	f0746ca46376647993a47e24051a80fdf679014a (patch)
tree	55faff27b29f3afe16e29c56f382f1572b7e791f /Lib/http
parent	ec3c103520a5061e657581b388e2b8ba6f74602a (diff)
download	cpython-git-f0746ca46376647993a47e24051a80fdf679014a.tar.gz