New submission from Ross Lagerwall <rosslagerw...@gmail.com>: BaseHTTPRequestHandler in http.server does not limit the length of the request line so a malicious client can cause the server to run out of memory with a malicious request.
This patch limits the length to 64K (like Apache) and sends Error 414 if it exceeds this. ---------- components: Library (Lib) files: httpserver_py3k.patch keywords: patch messages: 124106 nosy: rosslagerwall priority: normal severity: normal status: open title: httpserver request length type: security versions: Python 3.2 Added file: http://bugs.python.org/file20074/httpserver_py3k.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10714> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
