[issue44022] "urllib" will result to deny of service

Gen Xu added the comment: Looks like it is caused by the httplib not limiting total header size after receiving 100. Added a counter for that to be same size as _MAXLINE=65536. -- versions: -Python 3.7 ___ Python tracker

[issue44022] "urllib" will result to deny of service

Gen Xu added the comment: Added a possible PR. Review will be appreicated. -- ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue44022] "urllib" will result to deny of service

Change by Gen Xu : -- keywords: +patch nosy: +gen-xu nosy_count: 1.0 -> 2.0 pull_requests: +24585 stage: -> patch review pull_request: https://github.com/python/cpython/pull/25916 ___ Python tracker

[issue44022] "urllib" will result to deny of service

New submission from guangli dong : if a client request a http/https/ftp service which is controlled by attacker, attacker can make this client hang forever, event client has set "timeout" argument. maybe this client also will consume more and more memory. i does not test on this conclusion.