SUSE:SLE-15:Update
python-base.28122
File CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch of Package python-base.28122
--- a/Lib/httplib.py +++ b/Lib/httplib.py @@ -449,6 +449,7 @@ class HTTPResponse: if status != CONTINUE: break # skip the header from the 100 response + header_count = 0 while True: skip = self.fp.readline(_MAXLINE + 1) if len(skip) > _MAXLINE: @@ -458,6 +459,10 @@ class HTTPResponse: break if self.debuglevel > 0: print "header:", skip + # CVE-2021-3737: Fix infinitely reading potential HTTP headers on a 100 Continue status response from the server + header_count += 1 + if header_count > _MAXHEADERS: + raise HTTPException("got more than %d headers" % _MAXHEADERS) self.status = status self.reason = reason.strip() --- /dev/null +++ b/Misc/NEWS.d/next/Security/2021-05-05-17-37-04.bpo-44022.bS3XJ9.rst @@ -0,0 +1,2 @@ +mod:`http.client` now avoids infinitely reading potential HTTP headers after a +``100 Continue`` status response from the server.
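Review bot: In the first Lib/httplib.py hunk (@@ -449,6 +449,7 @@), `header_count = 0` is placed after the `if status != CONTINUE: break` context, so the counter restarts for every 100 response and the limit applies per interim response rather than per connection. Nothing in the visible lines bounds how many consecutive 100 Continue responses the enclosing loop will read. Consider initialising the counter before the loop that this `break` exits, or adding a separate cap on interim responses, and say in the comment which scope is intended.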
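Review bot: In the second Lib/httplib.py hunk (@@ -458,6 +459,10 @@), the new check `if header_count > _MAXHEADERS:` relies on `_MAXHEADERS`, which no hunk in this patch defines. Confirm that the Lib/httplib.py shipped in this package already has that module-level constant, otherwise the guard fails with NameError instead of the intended `HTTPException("got more than %d headers" % _MAXHEADERS)`. The patch also carries no regression test; a test that feeds a 100 response followed by more than `_MAXHEADERS` header lines and expects HTTPException would keep the fix from regressing.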
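Review bot: In the Misc/NEWS.d hunk, the entry starts with mod:`http.client` without the leading colon, so it will not render as a Sphinx role; it should read :mod:`http.client`. The entry also names `http.client` while the code change in this patch is to Lib/httplib.py, so for this package the text should name `httplib`, or note that the entry is carried over unchanged from the bpo-44022 fix.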