From: Christian Heimes Date: Tue, 25 Sep 2012 11:29:30 +0000 (+0200) Subject: Issue #16037: Limit httplib's _read_status() function to work around broken X-Git-Tag: v2.7.4rc1~539 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=671138f27dcdc3d259e85f7603acf01a46a44515;p=thirdparty%2FPython%2Fcpython.git Issue #16037: Limit httplib's _read_status() function to work around broken HTTP servers and reduce memory usage. It's actually a backport of a Python 3.2 fix. Thanks to Adrien Kunysz. --- diff --git a/Lib/httplib.py b/Lib/httplib.py index 98296dc3c522..4c8b0fe2091a 100644 --- a/Lib/httplib.py +++ b/Lib/httplib.py @@ -362,7 +362,9 @@ class HTTPResponse: def _read_status(self): # Initialize with Simple-Response defaults - line = self.fp.readline() + line = self.fp.readline(_MAXLINE + 1) + if len(line) > _MAXLINE: + raise LineTooLong("header line") if self.debuglevel > 0: print "reply:", repr(line) if not line: diff --git a/Misc/NEWS b/Misc/NEWS index 269307203899..fdd84fe167f1 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -9,6 +9,10 @@ What's New in Python 2.7.4 Core and Builtins ----------------- +- Issue #16037: Limit httplib's _read_status() function to work around broken + HTTP servers and reduce memory usage. It's actually a backport of a Python + 3.2 fix. Thanks to Adrien Kunysz. + - Issue #13992: The trashcan mechanism is now thread-safe. This eliminates sporadic crashes in multi-thread programs when several long deallocator chains ran concurrently and involved subclasses of built-in container
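Review bot: In the Lib/httplib.py hunk, the new `raise LineTooLong("header line")` in `_read_status()` reports the over-long input as a header line, but the line read at this point is the status line. Consider `LineTooLong("status line")` so the exception tells the caller which part of the response exceeded `_MAXLINE`. The patch also carries no test. A case that feeds a response whose first line is longer than `_MAXLINE` and asserts `LineTooLong` would pin down the `readline(_MAXLINE + 1)` and `len(line) > _MAXLINE` boundary.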
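Review bot: In the Misc/NEWS hunk, the entry is added under the "Core and Builtins" heading, but the change is to Lib/httplib.py, a standard-library module, so it should sit in the section for library changes instead. The entry would also be clearer if it named what is limited (the length of the line read by `_read_status()`), since "Limit httplib's _read_status() function" alone does not tell a reader which behaviour changed.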