[issue19996] httplib infinite read on invalid header
R. David Murray
report at bugs.python.org
Mon Dec 16 15:35:38 CET 2013
R. David Murray added the comment:
I haven't looked at the code, but could we preserve the existing behavior but apply a timeout to mitigate the DOS?
On the other hand, the fact that curl manages to return something indicates there is probably an error recovery strategy that would work. I'm not sure if we have an error reporting mechanism in httplib if we do error recovery. We do in the email module, and httplib uses the email code for headers, I think, so there might be a way to leverage that if there is no existing mechanism. But of course even deciding to do that requires some discussion :)
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19996>
_______________________________________
More information about the Python-bugs-list
mailing list