Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 3ccc918

Browse files
author
Charles-François Natali
committed
Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
2 parents 93abdd1 + cd96b4f commit 3ccc918

3 files changed

Lines changed: 15 additions & 7 deletions

File tree

Lib/test/test_xmlrpc.py

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -519,12 +519,7 @@ def setUp(self):
519519

520520
def tearDown(self):
521521
# wait on the server thread to terminate
522-
self.evt.wait(4.0)
523-
# XXX this code does not work, and in fact stop_serving doesn't exist.
524-
if not self.evt.is_set():
525-
self.evt.set()
526-
stop_serving()
527-
raise RuntimeError("timeout reached, test has failed")
522+
self.evt.wait()
528523

529524
# disable traceback reporting
530525
xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
@@ -671,6 +666,13 @@ def test_unicode_host(self):
671666
server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
672667
self.assertEqual(server.add("a", "\xe9"), "a\xe9")
673668

669+
def test_partial_post(self):
670+
# Check that a partial POST doesn't make the server loop: issue #14001.
671+
conn = http.client.HTTPConnection(ADDR, PORT)
672+
conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
673+
conn.close()
674+
675+
674676
class MultiPathServerTestCase(BaseServerTestCase):
675677
threadFunc = staticmethod(http_multi_server)
676678
request_count = 2

Lib/xmlrpc/server.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -476,7 +476,10 @@ def do_POST(self):
476476
L = []
477477
while size_remaining:
478478
chunk_size = min(size_remaining, max_chunk_size)
479-
L.append(self.rfile.read(chunk_size))
479+
chunk = self.rfile.read(chunk_size)
480+
if not chunk:
481+
break
482+
L.append(chunk)
480483
size_remaining -= len(L[-1])
481484
data = b''.join(L)
482485

Misc/NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -466,6 +466,9 @@ Core and Builtins
466466
Library
467467
-------
468468

469+
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
470+
SimpleXMLRPCServer upon malformed POST request.
471+
469472
- Issue #13961: Move importlib over to using os.replace() for atomic renaming.
470473

471474
- Do away with ambiguous level values (as suggested by PEP 328) in

0 commit comments

Comments
 (0)