[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-08-09 Thread Matej Cepl
Matej Cepl added the comment: Is there a CVE for this? -- nosy: +mcepl ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-07-12 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 0389426fa4af4dfc8b1d7f3f291932d928392d8b by Miss Islington (bot) in branch '3.8': bpo-44022: Improve the regression test. (GH-26503) (#26506) https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-07-05 Thread miss-islington
miss-islington added the comment: New changeset 7ac7a0c0f03c60934bc924ee144db170a0e0161f by Sergey Fedoseev in branch 'main': bpo-44022: Fix Sphinx role in NEWS entry (GH-27033) https://github.com/python/cpython/commit/7ac7a0c0f03c60934bc924ee144db170a0e0161f --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-07-05 Thread Sergey Fedoseev
Change by Sergey Fedoseev: -- nosy: +sir-sigurd nosy_count: 8.0 -> 9.0 pull_requests: +25593 pull_request: https://github.com/python/cpython/pull/27033

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread Ned Deily
Ned Deily added the comment: New changeset 1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 by Miss Islington (bot) in branch '3.6': bpo-44022: Improve the regression test. (GH-26503) (GH-26508) https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread Ned Deily
Ned Deily added the comment: New changeset fee96422e6f0056561cf74fef2012cc066c9db86 by Miss Islington (bot) in branch '3.7': bpo-44022: Improve the regression test. (GH-26503) (GH-26507) https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread miss-islington
miss-islington added the comment: New changeset 5df4abd6b033a5f1e48945c6988b45e35e76f647 by Miss Islington (bot) in branch '3.9': bpo-44022: Improve the regression test. (GH-26503) https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread miss-islington
miss-islington added the comment: New changeset 98e5a7975d99b58d511f171816ecdfb13d5cca18 by Miss Islington (bot) in branch '3.10': bpo-44022: Improve the regression test. (GH-26503) https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread miss-islington
Change by miss-islington: -- pull_requests: +25104 pull_request: https://github.com/python/cpython/pull/26508

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread Gregory P. Smith
Gregory P. Smith added the comment: New changeset e60ab843cbb016fb6ff8b4f418641ac05a9b2fcc by Gregory P. Smith in branch 'main': bpo-44022: Improve the regression test. (GH-26503) https://github.com/python/cpython/commit/e60ab843cbb016fb6ff8b4f418641ac05a9b2fcc --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread miss-islington
Change by miss-islington: -- pull_requests: +25103 pull_request: https://github.com/python/cpython/pull/26507

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread miss-islington
Change by miss-islington: -- pull_requests: +25102 pull_request: https://github.com/python/cpython/pull/26506

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread miss-islington
Change by miss-islington: -- pull_requests: +25100 pull_request: https://github.com/python/cpython/pull/26504

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread miss-islington
Change by miss-islington: -- pull_requests: +25101 pull_request: https://github.com/python/cpython/pull/26505

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread Gregory P. Smith
Gregory P. Smith added the comment: Great catch! The new PR should address that. --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread Gregory P. Smith
Change by Gregory P. Smith: -- pull_requests: +25099 pull_request: https://github.com/python/cpython/pull/26503

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-06-02 Thread Michał Górny
Michał Górny added the comment: The test added for this bug is insufficient to verify the fix. If I revert the Lib/http/client.py change, the test still passes. This is because a subclass of client.HTTPException is still raised. If I add an explicit begin() call to trigger the exception,

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-08 Thread Łukasz Langa
Change by Łukasz Langa: -- Removed message: https://bugs.python.org/msg393236

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-07 Thread guangli dong
guangli dong added the comment: I am interested in "stdlib security"; do you have any recommended info about this topic? What I know is "https://python-security.readthedocs.io" and the "CVE list". --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-07 Thread Gregory P. Smith
Gregory P. Smith added the comment: httplib.py is a Python 2 concept. Python 2 is end of life. bugs.python.org no longer tracks issues with its code. I don't doubt that Python 2.7 has bugs. As a matter of policy, we don't care - https://www.python.org/doc/sunset-python-2/. Python 3.6

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-07 Thread guangli dong
guangli dong added the comment: @Gregory P. Smith Yes, I agree that there are many other ways to make an HTTP client such as "urllib" or "httplib" hang, because "timeout" is not a global read timeout; this "timeout" applies to every "read socket" operation. Why do you think it will not result

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Ned Deily
Change by Ned Deily: -- versions: +Python 3.10, Python 3.8, Python 3.9

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Gregory P. Smith
Gregory P. Smith added the comment: If anyone wants a CVE for it, that's up to them. This bug is in the CPython http.client module which is what urllib uses for http/https. I'd rate it low severity. A malicious server can hold a http connection from this library open as a network traffic

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Ned Deily
Change by Ned Deily: -- stage: commit review -> resolved versions: +Python 3.6, Python 3.7 -Python 3.10, Python 3.11, Python 3.8, Python 3.9

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Ned Deily
Ned Deily added the comment: New changeset 078b146f062d212919d0ba25e34e658a8234aa63 by Miss Islington (bot) in branch '3.7': bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (GH-25934)

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Ned Deily
Ned Deily added the comment: New changeset f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 by Miss Islington (bot) in branch '3.6': bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (GH-25935)

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread guangli dong
guangli dong added the comment: @Christian Heimes This bug is about the "urllib" client library; the key point is not the "http.server" module. --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Łukasz Langa
Change by Łukasz Langa: -- versions: +Python 3.8

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset f396864ddfe914531b5856d7bf852808ebfc01ae by Miss Islington (bot) in branch '3.8': bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (#25933)

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread Christian Heimes
Christian Heimes added the comment: http.server is out of scope for CVEs. The module is not designed for security-sensitive usage and explicitly documented as insecure and not suitable for production use: https://docs.python.org/3/library/http.server.html#module-http.server > Warning:

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-06 Thread guangli dong
guangli dong added the comment: Can you assign a "CVE" for this security bug? I will review the patch later. --

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread Gregory P. Smith
Gregory P. Smith added the comment: New changeset 60ba0b68470a584103e28958d91e93a6db37ec92 by Miss Islington (bot) in branch '3.10': bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916) (GH-25931)

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread miss-islington
miss-islington added the comment: New changeset ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 by Miss Islington (bot) in branch '3.9': bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (GH-25916)

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread Gregory P. Smith
Gregory P. Smith added the comment: Thanks guangli dong (leveryd)! This is in and the 3.10-3.6 PRs should automerge (thru 3.9) after the CI runs, or be merged by the release managers (3.6-3.8). -- resolution: -> fixed stage: patch review -> commit review status: open -> closed

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread miss-islington
Change by miss-islington: -- pull_requests: +24601 pull_request: https://github.com/python/cpython/pull/25934

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread miss-islington
Change by miss-islington: -- pull_requests: +24600 pull_request: https://github.com/python/cpython/pull/25933

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread miss-islington
Change by miss-islington: -- pull_requests: +24602 pull_request: https://github.com/python/cpython/pull/25935

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread miss-islington
Change by miss-islington: -- pull_requests: +24599 pull_request: https://github.com/python/cpython/pull/25932

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread miss-islington
Change by miss-islington: -- nosy: +miss-islington nosy_count: 3.0 -> 4.0 pull_requests: +24598 pull_request: https://github.com/python/cpython/pull/25931

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread Gregory P. Smith
Gregory P. Smith added the comment: The bug: Our http client can get stuck infinitely reading len(line) < 64k lines after receiving a '100 Continue' http response. So yes, this could lead to our client being a bandwidth sink for anyone in control of a server. Clear issue: That's a denial
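To make two points in this thread concrete, the unbounded skip loop Gregory describes above and Michał Górny's observation that a test asserting only on HTTPException could not tell the fixed loop from the broken one, here is an added example that is not CPython's code nor code from anyone on the thread: a stand-alone model of the post-"100 Continue" header skip, switchable between the pre-fix (unbounded) and fixed (bounded by a header count) behaviour, run on a constructed finite stream. The function names skip_continue_headers, read_final_status, constructed_stream and outcome and the filler header are my own.

```python
import io
from http.client import HTTPException, LineTooLong, RemoteDisconnected

_MAXLINE = 65536    # per-line limit http.client already enforced
_MAXHEADERS = 100   # header-count limit the fix adds

def skip_continue_headers(fp, max_headers=None):
    """Consume the header block that follows a '100 Continue' status line.

    max_headers=None models the pre-fix loop: keep reading until a blank
    line or EOF, however many sub-64k lines the server sends.  An integer
    models the fix: raise once more than that many header lines are seen.
    """
    count = 0
    while True:
        line = fp.readline(_MAXLINE + 1)
        if len(line) > _MAXLINE:
            raise LineTooLong("header line")
        count += 1
        if max_headers is not None and count > max_headers:
            raise HTTPException("got more than %d headers" % max_headers)
        if line in (b"\r\n", b"\n", b""):
            return count

def read_final_status(fp):
    """Model of the status-line read after the skipped block; EOF here is
    reported as RemoteDisconnected, itself an HTTPException subclass."""
    line = fp.readline(_MAXLINE + 1)
    if not line:
        raise RemoteDisconnected("Remote end closed connection without response")
    return line.strip().decode("ascii")

def constructed_stream(n_headers, close_after=True):
    """Constructed server output (the '100 Continue' line is already consumed):
    n_headers filler lines, then EOF or a blank line plus a real 200 status."""
    data = b"X-Filler: a\r\n" * n_headers
    if not close_after:
        data += b"\r\nHTTP/1.1 200 OK\r\n"
    return io.BytesIO(data)

def outcome(n_headers, max_headers, close_after=True):
    """Status line read, or '<ExceptionType>: <message>' if the client gave up."""
    fp = constructed_stream(n_headers, close_after)
    try:
        skip_continue_headers(fp, max_headers)
        return read_final_status(fp)
    except HTTPException as e:
        return "%s: %s" % (type(e).__name__, e)
```

Because the unbounded model also ends in an HTTPException subclass once the finite stream runs out, a regression test has to assert on the specific "got more than 100 headers" message, not merely on the exception base class.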

[issue44022] urllib http client possible infinite loop on a 100 Continue response

2021-05-05 Thread Gregory P. Smith
Change by Gregory P. Smith : -- assignee: -> gregory.p.smith nosy: +gregory.p.smith title: "urllib" will result to deny of service -> urllib http client possible infinite loop on a 100 Continue response versions: +Python 3.10, Python 3.11, Python 3.9