File CVE-2021-3737-fix-HTTP-client-infinite-line-rea... of Package python

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch of Package python (Revision 7c7532457b948cc36e86ff51d95885bc)

Currently displaying revision 7c7532457b948cc36e86ff51d95885bc , Show latest

--- a/Lib/httplib.py
+++ b/Lib/httplib.py
@@ -449,6 +449,7 @@ class HTTPResponse:
             if status != CONTINUE:
                 break
             # skip the header from the 100 response
+            header_count = 0
             while True:
                 skip = self.fp.readline(_MAXLINE + 1)
                 if len(skip) > _MAXLINE:
@@ -458,6 +459,10 @@ class HTTPResponse:
                     break
                 if self.debuglevel > 0:
                     print "header:", skip
+                # CVE-2021-3737: Fix infinitely reading potential HTTP headers on a 100 Continue status response from the server
+                header_count += 1
+                if header_count > _MAXHEADERS:
+                    raise HTTPException("got more than %d headers" % _MAXHEADERS)
 
         self.status = status
         self.reason = reason.strip()
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
@@ -0,0 +1,2 @@
+mod:`http.client` now avoids infinitely reading potential HTTP headers after a
+``100 Continue`` status response from the server.

 
--- a/Lib/httplib.py
+++ b/Lib/httplib.py
@@ -449,6 +449,7 @@ class HTTPResponse:
             if status != CONTINUE:
                 break
             # skip the header from the 100 response
+            header_count = 0
             while True:
                 skip = self.fp.readline(_MAXLINE + 1)
                 if len(skip) > _MAXLINE:
@@ -458,6 +459,10 @@ class HTTPResponse:
                     break
                 if self.debuglevel > 0:
                     print "header:", skip
+                # CVE-2021-3737: Fix infinitely reading potential HTTP headers on a 100 Continue status response from the server
+                header_count += 1
+                if header_count > _MAXHEADERS:
+                    raise HTTPException("got more than %d headers" % _MAXHEADERS)
 
         self.status = status
         self.reason = reason.strip()
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst
@@ -0,0 +1,2 @@
+mod:`http.client` now avoids infinitely reading potential HTTP headers after a
+``100 Continue`` status response from the server.
​

Places

File CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch of Package python (Revision 7c7532457b948cc36e86ff51d95885bc)

Places