[issue44022] urllib http client possible infinite loop on a 100 Continue response

Gregory P. Smith report at bugs.python.org
Fri May 7 13:39:21 EDT 2021


Gregory P. Smith <greg at krypto.org> added the comment:

httplib.py is a Python 2 concept.  Python 2 is end of life.  bugs.python.org no longer tracks issues with its code.  I don't doubt that Python 2.7 has bugs.  As a matter of policy, we don't care - https://www.python.org/doc/sunset-python-2/.  Python 3.6 as that is the oldest branch still open for security fixes.

The PRs associated with this issue fixed a codepath in Python 3 that only happened after a '100' response.  That codepath did not accumulate headers:

```
            if status != CONTINUE:
                break
            # skip the header from the 100 response
            while True:
                skip = self.fp.readline(_MAXLINE + 1)
                if len(skip) > _MAXLINE:
                    raise LineTooLong("header line")
                skip = skip.strip()
                if not skip:
                    break
```

CONTINUE = 100; meaning that loop only runs after receiving what appears to be a 100 continue response.  And it does not accumulate data.

There is no `hlist` in the original pre-fix Python 3.6+ code.  Nor any header accumulation caused by the client.py talking to evil_server.py as described in this issue's opening message.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44022>
_______________________________________
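
Added example (not part of the original message and not CPython's code): the header-skip loop quoted above next to a variant that caps how many lines it will discard, run over constructed byte streams. The names MAX_LINE, MAX_HEADERS, TooManyHeaders and both function names are assumptions made for this sketch; the two limits use the values of http.client's _MAXLINE and _MAXHEADERS.

```python
import io

MAX_LINE = 65536     # same value as http.client._MAXLINE
MAX_HEADERS = 100    # same value as http.client._MAXHEADERS

class LineTooLong(Exception):
    pass

class TooManyHeaders(Exception):
    pass

def skip_unbounded(fp):
    """Loop as quoted in the message; returns how many readline() calls it made."""
    reads = 0
    while True:
        skip = fp.readline(MAX_LINE + 1)
        if len(skip) > MAX_LINE:
            raise LineTooLong("header line")
        reads += 1
        if not skip.strip():   # blank line or EOF ends the 100 response
            return reads

def skip_bounded(fp, max_headers=MAX_HEADERS):
    """Same loop, but refuses to discard more than max_headers lines."""
    reads = 0
    while True:
        line = fp.readline(MAX_LINE + 1)
        if len(line) > MAX_LINE:
            raise LineTooLong("header line")
        reads += 1
        if reads > max_headers:
            raise TooManyHeaders("got more than %d headers" % max_headers)
        if line in (b"\r\n", b"\n", b""):
            return reads

# Constructed inputs: what follows the "HTTP/1.1 100 Continue" status line.
NORMAL = b"Server: example\r\n\r\nHTTP/1.1 200 OK\r\n"
FLOOD = b"X-Pad: a\r\n" * 10000   # never sends the terminating blank line

if __name__ == "__main__":
    print(skip_unbounded(io.BytesIO(NORMAL)), skip_bounded(io.BytesIO(NORMAL)))
    print(skip_unbounded(io.BytesIO(FLOOD)))   # only stops because BytesIO hits EOF
    try:
        skip_bounded(io.BytesIO(FLOOD))
    except TooManyHeaders as exc:
        print("rejected:", exc)
```

On a live socket the peer need not ever close the connection, so the unbounded loop has no EOF to fall back on and its running time is set entirely by the server.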

