New submission from Richard Clifford:

The issue comes when there is a malformed HTTP request not ending in a new line, it causes the server to hang, not time out and causes a DoS.

The request that I sent to the server was as follows:

const char *headers = "GET / HTTP/1.1\r\nHost: localhost:8000\r\n";

Which should have been:

const char *headers = "GET / HTTP/1.1\r\nHost: localhost:8000\r\n\r\n";

This causes the application to await the second set of new-line sequences and hang until they are received which prevents any further connections from being made.

I have just tested this against the latest versions of the library and I can supply a proof of concept code if that would be useful - just let me know.

A recommended fix would be to ensure that all HTTP requests are received in full and in the correct manner prior to being parsed.

----------
components: Extension Modules
files: basehttpdos.c
messages: 257446
nosy: Richard Clifford
priority: normal
severity: normal
status: open
title: Denial of Service in SimpleHTTPServer and BaseHTTPServer
type: security
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6
Added file: http://bugs.python.org/file41490/basehttpdos.c

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue26005>
_______________________________________
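A defensive sketch of the behaviour described in the report above, added here as an example; it is not code from the report, the attached file, or CPython. It sets the `timeout` attribute that `socketserver.StreamRequestHandler` applies to the connection, so a handler waiting for the missing blank line gives up and the single-threaded server can accept the next client. The class name `TimeoutHandler`, the helpers `send` and `demo`, and the 1-second value are assumptions made for the demo.

```python
import socket
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

# The two requests quoted in the report: without and with the final blank line.
INCOMPLETE = b"GET / HTTP/1.1\r\nHost: localhost:8000\r\n"
COMPLETE = b"GET / HTTP/1.1\r\nHost: localhost:8000\r\n\r\n"

class TimeoutHandler(BaseHTTPRequestHandler):
    # StreamRequestHandler.setup() applies this value to the client socket;
    # handle_one_request() closes the connection when a read times out.
    timeout = 1.0  # seconds, assumed value for the demo

    def do_GET(self):
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet

def send(port, payload, wait=5.0):
    """Send payload; return (bytes received, seconds until the server closed)."""
    start = time.monotonic()
    with socket.create_connection(("127.0.0.1", port), timeout=wait) as s:
        s.sendall(payload)
        with s.makefile("rb") as f:
            data = f.read()  # returns at EOF, i.e. when the server closes
    return data, time.monotonic() - start

def demo():
    # Single-threaded HTTPServer on purpose: one stuck handler blocks all clients.
    server = HTTPServer(("127.0.0.1", 0), TimeoutHandler)
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        stalled, elapsed = send(port, INCOMPLETE)  # dropped after ~timeout
        served, _ = send(port, COMPLETE)           # next client is still served
    finally:
        server.shutdown()
        server.server_close()
    return stalled, elapsed, served

if __name__ == "__main__":
    print(demo())
```

A timeout only bounds how long each incomplete request can occupy the handler; serving requests in threads (for example `socketserver.ThreadingMixIn`) keeps other clients from waiting behind it at all.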