[issue10714] httpserver request length

2010-12-16 Thread Antoine Pitrou
Antoine Pitrou added the comment:

It turns out the test could be simplified a lot by reusing the existing infrastructure. I've committed the modified patch in r87317 (3.2), r87318 (3.1) and r87320 (2.7). Thank you!

resolution: -> fixed
stage: -> committed/rejected
status: open ->

[issue10714] httpserver request length

2010-12-16 Thread Ross Lagerwall
Ross Lagerwall added the comment:

OK, here is an updated patch using threading & 0 as a port number.

Added file: http://bugs.python.org/file20076/httpserver_py3k_v2.patch

[issue10714] httpserver request length

2010-12-16 Thread Antoine Pitrou
Antoine Pitrou added the comment: Thanks for the patch. First, there's no need to use multiprocessing here. Threading would be sufficient. Second, you shouldn't use an explicit port number, but instead let the server bind itself to whatever port is available (I think 0 using as the port numbe

[issue10714] httpserver request length

2010-12-15 Thread Ross Lagerwall
Changes by Ross Lagerwall: nosy: +pitrou

[issue10714] httpserver request length

2010-12-15 Thread Ross Lagerwall
New submission from Ross Lagerwall: BaseHTTPRequestHandler in http.server does not limit the length of the request line, so a malicious client can cause the server to run out of memory with a malicious request. This patch limits the length to 64K (like Apache) and sends Error 414 if it exceed
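
An added example (not part of the thread or of the attached patch): a regression check for the request-line limit described in the report, run against a threaded server bound to port 0 as the review suggests. `Handler`, `status_for` and `request_line` are illustrative names, and the expected status codes assume the fix as it ships in current CPython `http.server`.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

LIMIT = 65536  # the 64K request-line limit from the report


class Handler(BaseHTTPRequestHandler):  # hypothetical minimal handler
    def do_GET(self):
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def status_for(raw_request: bytes) -> int:
    """Send raw bytes to a throwaway loopback server, return the HTTP status."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: OS picks a free port
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        with socket.create_connection(server.server_address, timeout=5) as sock:
            sock.sendall(raw_request)
            sock.shutdown(socket.SHUT_WR)  # nothing more to send
            reply = b""
            while chunk := sock.recv(4096):
                reply += chunk
    finally:
        server.shutdown()
        server.server_close()
        thread.join()
    return int(reply.split(b" ", 2)[1].decode())  # "HTTP/1.0 <code> <reason>"


def request_line(n: int) -> bytes:
    """Constructed GET request line that is exactly n bytes, CRLF included."""
    return b"GET /" + b"a" * (n - len(b"GET / HTTP/1.0\r\n")) + b" HTTP/1.0\r\n"


if __name__ == "__main__":
    # Exactly at the limit, followed by the blank line ending the headers: 200
    print(status_for(request_line(LIMIT) + b"\r\n"))
    # One byte over; the server stops reading after LIMIT + 1 bytes: 414
    print(status_for(request_line(LIMIT + 1)))
```

The over-limit request is sent with nothing after the request line, so the server has consumed every byte before it replies and closes the connection.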