Commit ec1712a

author
Charles-François Natali
committed
Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer
upon malformed POST request.
1 parent 2f7b286 commit ec1712a

2 files changed

+7
-1
lines changed

Lib/xmlrpc/server.py

Lines changed: 4 additions & 1 deletion
@@ -449,7 +449,10 @@ def do_POST(self):
449449
L = []
450450
while size_remaining:
451451
chunk_size = min(size_remaining, max_chunk_size)
452-
L.append(self.rfile.read(chunk_size))
452+
chunk = self.rfile.read(chunk_size)
453+
if not chunk:
454+
break
455+
L.append(chunk)
453456
size_remaining -= len(L[-1])
454457
data = b''.join(L)
455458
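
Review bot: the `break` at new line 454 leaves the loop silently when `self.rfile.read(chunk_size)` returns no data, so `data = b''.join(L)` at line 457 goes on with fewer bytes than `size_remaining` asked for, and the truncated body is handled as if it were complete. Consider treating the short read as a malformed request at that point (log it and send an error response) instead of falling through. Two smaller points: `size_remaining -= len(L[-1])` at line 456 can now read `len(chunk)`, and a one-line comment on the `if not chunk:` check saying that an empty read means the peer stopped sending would help the next reader. Neither of the two changed files is a test, so a regression test that sends a body shorter than the size the loop expects would guard this fix.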

Misc/NEWS

Lines changed: 3 additions & 0 deletions
@@ -13,6 +13,9 @@ Core and Builtins
1313
Library
1414
-------
1515

16+
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
17+
SimpleXMLRPCServer upon malformed POST request.
18+
1619
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
1720
IV attack countermeasure.
1821
