diff --git i/Lib/httplib.py w/Lib/httplib.py
index 5c919d2..c08ac4a 100644
--- i/Lib/httplib.py
+++ w/Lib/httplib.py
@@ -214,6 +214,8 @@ MAXAMOUNT = 1048576
 # maximal line length when calling readline().
 _MAXLINE = 65536
+_MAXHEADERS = 100
+
 class HTTPMessage(mimetools.Message):
@@ -271,6 +273,8 @@ class HTTPMessage(mimetools.Message):
 elif self.seekable:
 tell = self.fp.tell
 while True:
+ if len(hlist)> _MAXHEADERS:
+ raise TooMuchHeaders()
 if tell:
 try:
 startofline = tell()
@@ -1270,6 +1274,11 @@ class LineTooLong(HTTPException):
 HTTPException.__init__(self, "got more than %d bytes when reading %s"
 % (_MAXLINE, line_type))
+
+class TooMuchHeaders(HTTPException):
+ def __init__(self):
+ HTTPException.__init__(self, "got more than %d headers" % _MAXHEADERS)
+
 # for backwards compatibility
 error = HTTPException
diff --git i/Lib/test/test_httplib.py w/Lib/test/test_httplib.py
index 3e81a2c..757a1f1 100644
--- i/Lib/test/test_httplib.py
+++ w/Lib/test/test_httplib.py
@@ -255,6 +255,13 @@ class BasicTest(TestCase):
 if resp.read() != "":
 self.fail("Did not expect response from HEAD request")
+ def test_too_many_headers(self):
+ headers = '\r\n'.join('Header%d: foo' % i for i in xrange(200)) + '\r\n'
+ text = ('HTTP/1.1 200 OK\r\n' + headers)
+ s = FakeSocket(text)
+ r = httplib.HTTPResponse(s)
+ self.assertRaises(httplib.TooMuchHeaders, r.begin)
+
 def test_send_file(self):
 expected = 'GET /foo HTTP/1.1\r\nHost: example.com\r\n' \
 'Accept-Encoding: identity\r\nContent-Length:'
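Review bot: `_MAXHEADERS = 100` is added without a comment, while `_MAXLINE` directly above it is documented; I would add `# maximal number of header lines accepted in one message` so the two limits read as a pair. Taken together they bound the header data a peer can make the parser buffer to roughly `_MAXHEADERS * _MAXLINE` bytes, assuming every header line is read under the `_MAXLINE` cap (that read is outside this diff). The value is fixed and private, so a caller talking to a server that legitimately sends more than 100 header lines has no supported way to raise it, which is worth stating in the comment or the module docs.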
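Review bot: The new guard at the top of the `while True:` loop compares `len(hlist)` with the limit, so what it caps is the number of entries stored in `hlist`, and it fires only once the list already holds more than `_MAXHEADERS` of them. If continuation lines are appended to `hlist` as well (the appends are outside this hunk), the cap is on raw header lines rather than on logical headers, and a short comment such as `# cap stored header lines to bound memory used on behalf of the peer` would make that explicit. The spacing should follow the rest of the file: `if len(hlist) > _MAXHEADERS:`. Any other loop in the module that reads header lines is not visible in this diff and would not be covered by this check; the loop body here also continues past the end of the hunk.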
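Review bot: The new exception is named `TooMuchHeaders`, while the test added in the same commit is called `test_too_many_headers`; since the class name becomes something callers catch, `TooManyHeaders` would be the better spelling to settle on before it ships. The class also has no docstring; something like `"""Raised when a message carries more header lines than _MAXHEADERS."""` would tell callers what limit was hit. If the module exports its exceptions through `__all__` (not visible in this hunk), the new name would need adding there as well.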
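Review bot: `test_too_many_headers` uses a literal 200 headers, which is far above the limit, so it would still pass if the comparison in the parser were off by a wide margin or if `_MAXHEADERS` were later changed. I would derive the count from `httplib._MAXHEADERS` and add a companion case showing that a response with exactly the permitted number of header lines is still accepted. The rejection case can become `xrange(httplib._MAXHEADERS + 1)`; the acceptance case is sketched below with constructed sample headers.

```python
    def test_headers_at_limit(self):
        # constructed sample: exactly _MAXHEADERS header lines, then the blank line
        headers = ''.join('Header%d: foo\r\n' % i
                          for i in xrange(httplib._MAXHEADERS))
        s = FakeSocket('HTTP/1.1 200 OK\r\n' + headers + '\r\n')
        r = httplib.HTTPResponse(s)
        r.begin()
        self.assertEqual(r.status, 200)
```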