[Zope-Checkins] CVS: Zope/lib/python/ZServer - HTTPServer.py:1.1.2.2

Chris McDonough chrism@zope.com
Tue, 8 Oct 2002 20:57:13 -0400


Update of /cvs-repository/Zope/lib/python/ZServer
In directory cvs.zope.org:/tmp/cvs-serv18464

Modified Files:
      Tag: chrism-install-branch
	HTTPServer.py 
Log Message:
Commit ZServer fix from trunk.


=== Zope/lib/python/ZServer/HTTPServer.py 1.1.2.1 => 1.1.2.2 ===
--- Zope/lib/python/ZServer/HTTPServer.py:1.1.2.1	Tue Sep 17 01:16:05 2002
+++ Zope/lib/python/ZServer/HTTPServer.py	Tue Oct  8 20:57:12 2002
@@ -283,6 +283,7 @@
 
     closed=0
     zombie_timeout=100*60 # 100 minutes
+    max_header_len = 8196
 
     def __init__(self, server, conn, addr):
         http_channel.__init__(self, server, conn, addr)
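Review bot: `max_header_len = 8196` has no comment, unlike `zombie_timeout` on the line above, and the value looks like it may be a slip for 8192 (8 KiB), which is worth confirming. Going by the second hunk, the limit is compared against `len(self.in_buffer)`, so it bounds the request line and all headers together rather than any single header. A comment such as `# max bytes of request line + headers buffered before the request is rejected` would state the unit and the scope. The class body starts before and continues after this hunk.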
@@ -336,6 +337,17 @@
                 if (now - channel.creation_time) > channel.zombie_timeout:
                     channel.close()
 
+    def collect_incoming_data (self, data):
+        # Override medusa http_channel implementation to prevent DOS attacks
+        # that send never-ending HTTP headers.
+        if self.current_request:
+                # we are receiving data (probably POST data) for a request
+            self.current_request.collect_incoming_data (data)
+        else:
+                # we are receiving header (request) data
+            self.in_buffer = self.in_buffer + data
+            if len(self.in_buffer) > self.max_header_len:
+                raise ValueError('HTTP headers invalid (too long)')
 
 class zhttp_server(http_server):
     "http server"