File python-3.2.1-CVE-2012-0845-xmlrpc-DoS.patch of Package python3.openSUSE_12.1_Update

# HG changeset patch
# User Charles-François Natali <neologix@free.fr>
# Date 1329573221 -3600
# Node ID cd67740ce653777da2bbeec8e92989406f9678f6
# Parent  88522997b0217788d0863ef5cc8aff08de5a4c1b# Parent  4dd5a94fd3e376448e67be6be7007dbc926299e3
Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.

Index: Python-3.2.1/Lib/test/test_xmlrpc.py
===================================================================
--- Python-3.2.1.orig/Lib/test/test_xmlrpc.py	2011-07-09 08:58:51.000000000 +0200
+++ Python-3.2.1/Lib/test/test_xmlrpc.py	2012-03-29 19:01:12.000000000 +0200
@@ -436,12 +436,7 @@
 
     def tearDown(self):
         # wait on the server thread to terminate
-        self.evt.wait(4.0)
-        # XXX this code does not work, and in fact stop_serving doesn't exist.
-        if not self.evt.is_set():
-            self.evt.set()
-            stop_serving()
-            raise RuntimeError("timeout reached, test has failed")
+        self.evt.wait()
 
         # disable traceback reporting
         xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False
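Review bot: `self.evt.wait()` in tearDown now blocks with no timeout, so if the event is never set (presumably by the server thread on exit) the whole test run hangs instead of reporting a failure. That matters for this commit in particular, because a regression of the endless loop covered by test_partial_post would surface only as a hung suite. Consider a bounded wait that fails the test, e.g. `if not self.evt.wait(30.0): self.fail("server thread did not terminate")`, bearing in mind that the server thread would still be running at that point. tearDown's body continues past the end of the hunk.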
@@ -584,6 +579,13 @@
         # This avoids waiting for the socket timeout.
         self.test_simple1()
 
+    def test_partial_post(self):
+        # Check that a partial POST doesn't make the server loop: issue #14001.
+        conn = http.client.HTTPConnection(ADDR, PORT)
+        conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye')
+        conn.close()
+
+
 class MultiPathServerTestCase(BaseServerTestCase):
     threadFunc = staticmethod(http_multi_server)
     request_count = 2
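Review bot: test_partial_post has no assertion, and its comment does not say how the request is malformed or how a failure would become visible. The header lines are embedded in the URL argument so that the server is told `Content-Length: 100` but receives fewer body bytes than declared before the connection is closed. A regression is detected only through tearDown waiting on the server thread. I would extend the comment to say so, e.g. `# Declares Content-Length: 100 but sends a shorter body and closes; the server must stop reading at EOF.` followed by `# No assertion here: a looping server shows up as tearDown never returning.`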
Index: Python-3.2.1/Lib/xmlrpc/server.py
===================================================================
--- Python-3.2.1.orig/Lib/xmlrpc/server.py	2011-07-09 08:58:52.000000000 +0200
+++ Python-3.2.1/Lib/xmlrpc/server.py	2012-03-29 19:01:12.000000000 +0200
@@ -475,7 +475,10 @@
             L = []
             while size_remaining:
                 chunk_size = min(size_remaining, max_chunk_size)
-                L.append(self.rfile.read(chunk_size))
+                chunk = self.rfile.read(chunk_size)
+                if not chunk:
+                    break
+                L.append(chunk)
                 size_remaining -= len(L[-1])
             data = b''.join(L)
 
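Review bot: After the new `break`, the truncated body is still joined into `data` and, as far as the hunk shows, passed on as if the request were complete; the short read is neither reported to the client nor logged. If the code after the hunk does not already reject it, consider answering a body shorter than Content-Length with an error, e.g. `if size_remaining: self.send_error(400)` followed by `return`. The context line `size_remaining -= len(L[-1])` would read more directly as `size_remaining -= len(chunk)`. The check covers EOF only: a peer that stops sending but keeps the connection open still blocks in `self.rfile.read()` unless a socket timeout is configured. The enclosing method starts and ends outside the hunk.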