Issue 22419: wsgiref request length

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/66609

classification

Title:	wsgiref request length
Type:	security	Stage:	resolved
Components:	Library (Lib)	Versions:	Python 3.3, Python 3.4, Python 3.5, Python 2.7

process

Dependencies:	Superseder:
Status:	closed	Resolution:	fixed
Assigned To:	orsenthil	Nosy List:	Arfrever, devin, orsenthil, python-dev
Priority:	normal	Keywords:	patch

Created on 2014年09月15日 18:06 by devin, last changed 2022年04月11日 14:58 by admin. This issue is now closed.

Files
File name	Uploaded	Description	Edit
wsgiref_request_length.patch	devin, 2014年09月15日 18:06	review

Messages (5)
msg226931 - (view)	Author: Devin Cook (devin)	Date: 2014年09月15日 18:06
BaseHTTPRequestHandler limits request length to prevent DoS. WSGIRequestHandler should probably do the same. See: http://bugs.python.org/issue10714
msg226986 - (view)	Author: Senthil Kumaran (orsenthil) * (Python committer)	Date: 2014年09月17日 08:03
The patch looks good. Yeah, wsgiref server will see the benefiting of rejecting long url with 414.
msg226987 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2014年09月17日 08:33
New changeset 7a4d960fc801 by Senthil Kumaran in branch '2.7': Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes. https://hg.python.org/cpython/rev/7a4d960fc801 New changeset a4e0aee1a9b5 by Senthil Kumaran in branch '3.3': Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes. https://hg.python.org/cpython/rev/a4e0aee1a9b5 New changeset ba86978c8ab5 by Senthil Kumaran in branch '3.4': Merge from 3.3 https://hg.python.org/cpython/rev/ba86978c8ab5 New changeset 07b928530cdf by Senthil Kumaran in branch 'default': Merge from 3.4 https://hg.python.org/cpython/rev/07b928530cdf
msg226988 - (view)	Author: Senthil Kumaran (orsenthil) * (Python committer)	Date: 2014年09月17日 08:35
Thanks, fixed in all versions applicable for security release.
msg227904 - (view)	Author: Roundup Robot (python-dev) (Python triager)	Date: 2014年09月30日 12:59
New changeset 0d115d14adfd by Georg Brandl in branch '3.2': Issue #22419: Limit the length of incoming HTTP request in wsgiref server to https://hg.python.org/cpython/rev/0d115d14adfd

History
Date	User	Action	Args
2022年04月11日 14:58:08	admin	set	github: 66609
2014年09月30日 12:59:27	python-dev	set	messages: + msg227904
2014年09月21日 09:05:15	Arfrever	set	nosy: + Arfrever
2014年09月17日 08:35:19	orsenthil	set	versions: + Python 2.7, Python 3.3, Python 3.4, Python 3.5
2014年09月17日 08:35:04	orsenthil	set	status: open -> closed messages: + msg226988 assignee: orsenthil resolution: fixed stage: resolved
2014年09月17日 08:33:02	python-dev	set	nosy: + python-dev messages: + msg226987
2014年09月17日 08:03:21	orsenthil	set	nosy: + orsenthil messages: + msg226986
2014年09月15日 18:06:26	devin	create

homepage