Apply patch against denial-of-service attack from Python 2.7 upstream branch.

2026-04-24 08:04:44 +00:00 · 2010-12-19 16:55:22 +01:00 · 2010-12-19 16:55:22 +01:00 · ed75de6005
commit ed75de6005
parent 6931f665b2
1 changed files with 24 additions and 5 deletions
--- a/linkcheck/httplib2.py
+++ b/linkcheck/httplib2.py
@ -212,6 +212,9 @@ responses = {
 # maximal amount of data to read at one time in _safe_read
 MAXAMOUNT = 1048576

+# maximal line length when calling readline().
+_MAXLINE = 65536
+
 class HTTPMessage(mimetools.Message):

    def addheader(self, key, value):
@ -274,7 +277,9 @@ class HTTPMessage(mimetools.Message):
                except IOError:
                    startofline = tell = None
                    self.seekable = 0
-            line = self.fp.readline()
+            line = self.fp.readline(_MAXLINE + 1)
+            if len(line) > _MAXLINE:
+                raise LineTooLong("header line")
            if not line:
                self.status = 'EOF in headers'
                break
@ -408,7 +413,10 @@ class HTTPResponse:
                break
            # skip the header from the 100 response
            while True:
-                skip = self.fp.readline().strip()
+                skip = self.fp.readline(_MAXLINE + 1)
+                if len(skip) > _MAXLINE:
+                    raise LineTooLong("header line")
+                skip = skip.strip()
                if not skip:
                    break
                if self.debuglevel > 0:
@ -568,7 +576,9 @@ class HTTPResponse:

        while True:
            if chunk_left is None:
-                line = self.fp.readline()
+                line = self.fp.readline(_MAXLINE + 1)
+                if len(line) > _MAXLINE:
+                    raise LineTooLong("chunk size")
                i = line.find(';')
                if i >= 0:
                    line = line[:i] # strip chunk-extensions
@ -603,7 +613,9 @@ class HTTPResponse:
        # read and discard trailer up to the CRLF terminator
        ### note: we shouldn't have any trailers!
        while True:
-            line = self.fp.readline()
+            line = self.fp.readline(_MAXLINE + 1)
+            if len(line) > _MAXLINE:
+                raise LineTooLong("trailer line")
            if not line:
                # a vanishingly small number of sites EOF without
                # sending the trailer
@ -739,7 +751,9 @@ class HTTPConnection:
            raise socket.error("Tunnel connection failed: %d %s" % (code,
                                                                    message.strip()))
        while True:
-            line = response.fp.readline()
+            line = response.fp.readline(_MAXLINE + 1)
+            if len(line) > _MAXLINE:
+                raise LineTooLong("header line")
            if line == '\r\n': break

    def connect(self):
@ -1278,6 +1292,11 @@ class BadStatusLine(HTTPException):
        self.args = line,
        self.line = line

+class LineTooLong(HTTPException):
+    def __init__(self, line_type):
+        HTTPException.__init__(self, "got more than %d bytes when reading %s"
+                                     % (_MAXLINE, line_type))
+
 # for backwards compatibility
 error = HTTPException