Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit cd96b4f

Browse files
author
Charles-François Natali
committed
Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
2 parents ead1de2 + ec1712a commit cd96b4f

3 files changed

Lines changed: 15 additions & 7 deletions

File tree

Lib/test/test_xmlrpc.py

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -474,12 +474,7 @@ def setUp(self):
474474

475475
def tearDown(self):
476476
# wait on the server thread to terminate
477-
self.evt.wait(4.0)
478-
# XXX this code does not work, and in fact stop_serving doesn't exist.
479-
if not self.evt.is_set():
480-
self.evt.set()
481-
stop_serving()
482-
raise RuntimeError("timeout reached, test has failed")
477+
self.evt.wait()
483478

484479
# disable traceback reporting
485480
xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
@@ -626,6 +621,13 @@ def test_unicode_host(self):
626621
server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT))
627622
self.assertEqual(server.add("a", "\xe9"), "a\xe9")
628623

624+
def test_partial_post(self):
625+
# Check that a partial POST doesn't make the server loop: issue #14001.
626+
conn = http.client.HTTPConnection(ADDR, PORT)
627+
conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
628+
conn.close()
629+
630+
629631
class MultiPathServerTestCase(BaseServerTestCase):
630632
threadFunc = staticmethod(http_multi_server)
631633
request_count = 2

Lib/xmlrpc/server.py

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -474,7 +474,10 @@ def do_POST(self):
474474
L = []
475475
while size_remaining:
476476
chunk_size = min(size_remaining, max_chunk_size)
477-
L.append(self.rfile.read(chunk_size))
477+
chunk = self.rfile.read(chunk_size)
478+
if not chunk:
479+
break
480+
L.append(chunk)
478481
size_remaining -= len(L[-1])
479482
data = b''.join(L)
480483

Misc/NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,9 @@ Core and Builtins
116116
Library
117117
-------
118118

119+
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
120+
SimpleXMLRPCServer upon malformed POST request.
121+
119122
- Issue #2489: pty.spawn could consume 100% cpu when it encountered an EOF.
120123

121124
- Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().

0 commit comments

Comments
 (0)