Description of problem: When using SimpleXMLRPCServer from the standard library, if a client connection is closed before the complete request body has been received the server will enter an infinite loop consuming memory. Version-Release number of selected component (if applicable): python-2.6.6-29.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Start the server: >>> import SimpleXMLRPCServer, SocketServer >>> class Server(SocketServer.ThreadingMixIn, SimpleXMLRPCServer.SimpleXMLRPCServer): pass ... >>> Server(('0.0.0.0', 12345)).serve_forever() 2. Simulate a malicious or flakey client: $ echo -e 'POST /RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nlol bye' | nc localhost 12345 ^C Actual results: Server goes nuts, with a thread stuck in an infinite loop eating memory. Expected results: Bad request is discarded. Additional info: The bug is in /usr/lib64/python2.6/SimpleXMLRPCServer.py at line 453: # Get arguments by reading body of request. # We read this in chunks to avoid straining # socket.read(); around the 10 or 15Mb mark, some platforms # begin to have problems (bug #792570). max_chunk_size = 10*1024*1024 size_remaining = int(self.headers["content-length"]) L = [] while size_remaining: chunk_size = min(size_remaining, max_chunk_size) L.append(self.rfile.read(chunk_size)) size_remaining -= len(L[-1]) data = ''.join(L) This code does not correctly handle EOF from self.rfile.read().
Issue reported upstream as: [1] http://bugs.python.org/issue14001
This issue did NOT affect the versions of the python package, as shipped with Red Hat Enterprise Linux 4 and 5. -- This issue affects the version of the python package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the version of the python26 package, as shipped with Fedora EPEL 5. Please schedule an update once final upstream patch is available. -- This issue affects the versions of the python package, as shipped with Fedora release of 15 and 16. Please schedule an update once final upstream patch is available. -- This issue affects the version of the python3 package, as shipped with Fedora release of 15 and 16. Please schedule an update once final upstream patch is available. -- This issue affects the version of the pypy package, as shipped with Fedora release of 15 and 16. Please schedule an update once final upstream patch is available.
CVE request: [2] http://www.openwall.com/lists/oss-security/2012/02/13/3
Created python tracking bugs for this issue Affects: fedora-all [bug 790027]
Added CVE CVE-2012-0845 as per http://www.openwall.com/lists/oss-security/2012/02/13/3
Created python3 tracking bugs for this issue Affects: fedora-all [bug 790358]
Created python26 tracking bugs for this issue Affects: epel-5 [bug 790360]
Created pypy tracking bugs for this issue Affects: fedora-all [bug 790366]
Patch for python 2.6: http://hg.python.org/cpython/rev/24244a744d01
Created python tracking bugs for this issue Affects: fedora-all [bug 808303]
Created pypy tracking bugs for this issue Affects: fedora-all [bug 808306]
Created python3 tracking bugs for this issue Affects: fedora-all [bug 808304]
python-2.7.3-3.fc17, python-docs-2.7.3-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
python3-3.2.3-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
python-2.7.3-1.fc16, python-docs-2.7.3-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
python3-3.2.3-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
python26-2.6.8-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0744 https://rhn.redhat.com/errata/RHSA-2012-0744.html
python3-3.2.3-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Fixed upstream in 2.6.8, 2.7.3, 3.1.5, and 3.2.3: http://www.python.org/download/releases/2.6.8/ http://www.python.org/download/releases/2.7.3/ http://www.python.org/download/releases/3.1.5/ http://www.python.org/download/releases/3.2.3/