[issue16037] httplib: header parsing is unlimited

Roundup Robot added the comment: New changeset deee87d61436 by Georg Brandl in branch '3.2': Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than https://hg.python.org/cpython/rev/deee87d61436 -- ___ Python tracker

[issue16037] httplib: header parsing is unlimited

Changes by Georg Brandl ge...@python.org: -- resolution: - fixed status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___

[issue16037] httplib: header parsing is unlimited

Changes by Berker Peksag berker.pek...@gmail.com: -- stage: patch review - resolved ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___ ___

[issue16037] httplib: header parsing is unlimited

Changes by Terry J. Reedy tjre...@udel.edu: -- stage: needs patch - patch review versions: +Python 3.4, Python 3.5 -Python 3.1, Python 3.2 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037

[issue16037] httplib: header parsing is unlimited

Terry J. Reedy added the comment: Looking further, already fixed in 3.x -- nosy: +terry.reedy resolution: - fixed status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037

[issue16037] httplib: header parsing is unlimited

Arfrever Frehtes Taifersar Arahesis added the comment: Python 3.2 still receives security fixes. -- resolution: fixed - status: closed - open versions: +Python 3.2 -Python 3.4, Python 3.5 ___ Python tracker rep...@bugs.python.org

[issue16037] httplib: header parsing is unlimited

Terry J. Reedy added the comment: This was never discussed as a security issue. Why do you think it is? Users wasting their *own* time is different for wasting the time of a remote server in a DoS attack. -- ___ Python tracker

[issue16037] httplib: header parsing is unlimited

Antoine Pitrou added the comment: A server can include a HTTP client. It's actually quite common these days, given the number of services which are exposed as REST APIs. Now, unless Georg plans to do a new 3.2 release some day, it's not very useful to discuss the inclusion of the fix in 3.2.

[issue16037] httplib: header parsing is unlimited

Roundup Robot added the comment: New changeset 5e310c6a8520 by Berker Peksag in branch '2.7': Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more http://hg.python.org/cpython/rev/5e310c6a8520 -- ___ Python tracker

[issue16037] httplib: header parsing is unlimited

Berker Peksag added the comment: Thanks for the patches Jyrki and Daniel. -- nosy: +berker.peksag versions: -Python 2.7 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___

[issue16037] httplib: header parsing is unlimited

Daniel Eriksson added the comment: Updated the patch for 2.7 to raise HTTPException instead of a new Exception. -- nosy: +clearminds Added file: http://bugs.python.org/file36214/issue_16037_py27_v3.diff ___ Python tracker rep...@bugs.python.org

[issue16037] httplib: header parsing is unlimited

Mark Lawrence added the comment: Is any further work needed on this and similar issues #16038, #16040, #16041, #16042 and #16043 ? -- nosy: +BreamoreBoy ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037

[issue16037] httplib: header parsing is unlimited

Changes by Cory Benfield c...@lukasa.co.uk: -- nosy: +Lukasa ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___ ___ Python-bugs-list mailing

[issue16037] httplib: header parsing is unlimited

Cory Benfield added the comment: I presume Barry's disinclination to merge this to 2.6 with a new exception applies equally to 2.7, which is why this hasn't been merged to 2.7 yet? I'm happy to review an updated 2.7 patch that raises an HTTPException if that's what we need to keep this

[issue16037] httplib: header parsing is unlimited

Changes by Mark Lawrence breamore...@yahoo.co.uk: -- nosy: -BreamoreBoy ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___ ___

[issue16037] httplib: header parsing is unlimited

Roundup Robot added the comment: New changeset e445d02e5306 by Georg Brandl in branch '3.3': Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than http://hg.python.org/cpython/rev/e445d02e5306 -- ___ Python tracker

[issue16037] httplib: header parsing is unlimited

Georg Brandl added the comment: Also merged to default. -- versions: -Python 3.3, Python 3.4 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___

[issue16037] httplib: header parsing is unlimited

Jyrki Pulliainen added the comment: Third version of the 3.2 patch, this time with documentation of the exception TooManyHeaders -- Added file: http://bugs.python.org/file32358/issue16037_py32_v3.patch ___ Python tracker rep...@bugs.python.org

[issue16037] httplib: header parsing is unlimited

Jyrki Pulliainen added the comment: Patch for py32 applies cleanly on 3.4 too, this should be good to go -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___

[issue16037] httplib: header parsing is unlimited

Larry Hastings added the comment: Ping. Please fix before beta 1. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037 ___ ___ Python-bugs-list

[issue16037] httplib: header parsing is unlimited

Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com: -- title: httplib: header parsing is not unlimited - httplib: header parsing is unlimited ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue16037