authorMartin Wilke <miwi@FreeBSD.org>2012-02-18 17:53:53 +0000
committerMartin Wilke <miwi@FreeBSD.org>2012-02-18 17:53:53 +0000
commitc70027929c625a6c7a644180cb76d4bdfcf68a9c (patch)
treef1b6b8247bd5625e6389d008814bb35ab4ac68e1 /lang/python32/files
parentA RESTful web framework with strong compile-time guarantees of correctness. (diff)
- Mark Python as Secure
- Fix DoS via malformed XML-RPC / HTTP POST Submitted by: rm@ Reported by: many Obtained from: python hg Security: http://www.vuxml.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html
Notes
Notes: svn path=/head/; revision=291731
Diffstat (limited to 'lang/python32/files')
-rw-r--r--lang/python32/files/patch-CVE-2012-084546
1 files changed, 46 insertions, 0 deletions
diff --git a/lang/python32/files/patch-CVE-2012-0845 b/lang/python32/files/patch-CVE-2012-0845
new file mode 100644
index 000000000000..e30dbe1e4532
--- /dev/null
+++ b/lang/python32/files/patch-CVE-2012-0845
@@ -0,0 +1,46 @@
+diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py
+--- Lib/test/test_xmlrpc.py
++++ Lib/test/test_xmlrpc.py
+@@ -519,12 +519,7 @@
+
+ def tearDown(self):
+ # wait on the server thread to terminate
+- self.evt.wait(4.0)
+- # XXX this code does not work, and in fact stop_serving doesn't exist.
+- if not self.evt.is_set():
+- self.evt.set()
+- stop_serving()
+- raise RuntimeError("timeout reached, test has failed")
++ self.evt.wait()
+
+ # disable traceback reporting
+ xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
+@@ -671,6 +666,13 @@
+ server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
+ self.assertEqual(server.add("a", "\xe9"), "a\xe9")
+
++ def test_partial_post(self):
++ # Check that a partial POST doesn't make the server loop: issue #14001.
++ conn = http.client.HTTPConnection(ADDR, PORT)
++ conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
++ conn.close()
++
++
+ class MultiPathServerTestCase(BaseServerTestCase):
+ threadFunc = staticmethod(http_multi_server)
+ request_count = 2
+diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py
+--- Lib/xmlrpc/server.py
++++ Lib/xmlrpc/server.py
+@@ -476,7 +476,10 @@
+ L = []
+ while size_remaining:
+ chunk_size = min(size_remaining, max_chunk_size)
+- L.append(self.rfile.read(chunk_size))
++ chunk = self.rfile.read(chunk_size)
++ if not chunk:
++ break
++ L.append(chunk)
+ size_remaining -= len(L[-1])
+ data = b''.join(L)
+
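Review bot: In the nested Lib/xmlrpc/server.py hunk, the new `if not chunk: break` leaves the read loop with fewer bytes than Content-Length promised, and `data = b''.join(L)` then carries a truncated body into the code that follows outside the hunk. It would be worth rejecting the short request there, or at least documenting the early exit with a comment such as `# EOF before Content-Length bytes arrived: stop instead of looping on empty reads`. The guard only covers a closed connection, so a peer that stays connected without sending would presumably still block in `self.rfile.read` unless a socket timeout is set elsewhere. In the test_xmlrpc.py hunk, `self.evt.wait()` in tearDown has no timeout and `test_partial_post` has no assertion, so a regression shows up as a hung test run rather than a failure; a bounded `self.evt.wait(4.0)` followed by an assertion on `self.evt.is_set()` would make it fail cleanly. The enclosing functions start and end outside the nested hunks.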