Commit 40a09ee1 authored by Michael Hanselmann's avatar Michael Hanselmann
Browse files

Fix two potentially endless loops in http library



The first can be problematic if poll(2) returns POLLHUP|POLLERR on a
socket. Before it would be only be respected for SOCKOP_RECV, but since
they can also occur on other socket operations, esp. in combination with
OpenSSL, letting the socket functions handle POLLHUP|POLLERR seems to be
the right thing.

The second is a typo leading to an endless loop if the first line of an
HTTP connection is empty (simply "\r\n"). Instead of removing the empty
line, it would remove anything after it.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parent cac599f1
......@@ -403,9 +403,9 @@ def SocketOperation(sock, op, arg1, timeout):
if event is None:
raise HttpSocketTimeout()
if (op == SOCKOP_RECV and
event & (select.POLLNVAL | select.POLLHUP | select.POLLERR)):
return ""
if event & (select.POLLNVAL | select.POLLHUP | select.POLLERR):
# Let the socket functions handle these
break
if not event & wait_for_event:
continue
......@@ -862,7 +862,7 @@ class HttpMessageReader(object):
# the CRLF."
if idx == 0:
# TODO: Limit number of CRLFs/empty lines for safety?
buf = buf[:2]
buf = buf[2:]
continue
if idx > 0:
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment