bpo-44022: Fix httplib client deny of service with total header size check after 100

gen-xu · gen-xu · commit e53f243a4d74 · 2021-05-05T04:21:43.000-07:00
diff --git a/Lib/http/client.py b/Lib/http/client.py
@@ -309,9 +309,12 @@ def begin(self):
             if status != CONTINUE:
                 break
             # skip the header from the 100 response
+            header_total_size = 0
             while True:
                 skip = self.fp.readline(_MAXLINE + 1)
-                if len(skip) > _MAXLINE:
+                line_length = len(skip)
+                header_total_size += line_length
+                if line_length > _MAXLINE or header_total_size > _MAXLINE:
                     raise LineTooLong("header line")
                 skip = skip.strip()
                 if not skip:
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
@@ -1180,6 +1180,14 @@ def test_overflowing_header_line(self):
         resp = client.HTTPResponse(FakeSocket(body))
         self.assertRaises(client.LineTooLong, resp.begin)
 
+    def test_overflowing_total_header_size_after_100(self):
+        body = (
+            'HTTP/1.1 100 OK\r\n'
+            'r\n' * 32768
+        )
+        resp = client.HTTPResponse(FakeSocket(body))
+        self.assertRaises(client.LineTooLong, resp.begin)
+
     def test_overflowing_chunked_line(self):
         body = (
             'HTTP/1.1 200 OK\r\n'
