bpo-44022: Improve the security fix regression test. #26503
It wasn't actually detecting the regression due to the assertion being too lenient.
Thanks @gpshead for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.6, 3.7, 3.8, 3.9.
It wasn't actually detecting the regression due to the assertion being too lenient.
(cherry picked from commit e60ab84)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
GH-26504 is a backport of this pull request to the 3.10 branch.
GH-26505 is a backport of this pull request to the 3.9 branch.
GH-26506 is a backport of this pull request to the 3.8 branch.
GH-26507 is a backport of this pull request to the 3.7 branch.
GH-26508 is a backport of this pull request to the 3.6 branch.
… a HTTP 100 Continue (pythonGH-25916)

Backport the fix from the following commit:

commit 47895e3
Author: Gen Xu <xgbarry@gmail.com>
Date: 2021-05-06 00:42:41 +0200

bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100 Continue (pythonGH-25916)

Fixes http.client potential denial of service where it could get stuck reading lines from a malicious server after a 100 Continue response.

Co-authored-by: Gregory P. Smith <greg@krypto.org>

Instead of reusing the header reading code, I have just added an explicit counter to avoid having to refactor the old code.

Plus the improved test from:

commit e60ab84
Author: Gregory P. Smith <greg@krypto.org>
Date: 2021-06-03 05:43:38 +0200

bpo-44022: Improve the regression test. (pythonGH-26503)

It wasn't actually detecting the regression due to the assertion being too lenient.
It wasn't actually detecting the regression due to the
assertion being too lenient.
The fix that is already in is still good, this just corrects the test.
https://bugs.python.org/issue44022
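
An added example, not CPython's code or its test: a simplified reader showing how a check that only expects an `HTTPException` passes with or without a line limit after a 100 Continue, while a check on the message and on the lines consumed does not. The names `CountingReader`, `begin`, `run`, `lenient_check`, `strict_check`, the limit of 100 and the sample response are assumptions of this sketch.

```python
import io
from http.client import HTTPException, RemoteDisconnected

MAX_HEADERS = 100  # assumed limit for this sketch


class CountingReader(io.BytesIO):
    """In-memory stand-in for the socket file; counts readline() calls."""
    def __init__(self, data):
        super().__init__(data)
        self.lines_read = 0

    def readline(self, *args):
        self.lines_read += 1
        return super().readline(*args)


def begin(fp, bounded):
    """Return the final status line, skipping the headers of any 100 Continue."""
    while True:
        status = fp.readline()
        if not status:
            raise RemoteDisconnected("peer closed without a response")
        if status.split()[1] != b"100":
            return status
        skipped = 0
        while fp.readline().strip():  # consume the 100 response's header lines
            skipped += 1
            if bounded and skipped > MAX_HEADERS:
                raise HTTPException("got more than %d headers" % MAX_HEADERS)


def run(bounded, junk_lines=32768):
    """Feed a constructed response; return (exception, lines consumed)."""
    fp = CountingReader(b"HTTP/1.1 100 Continue\r\n" + b"r\n" * junk_lines)
    try:
        begin(fp, bounded)
    except HTTPException as exc:
        return exc, fp.lines_read
    raise AssertionError("expected an HTTPException")


def lenient_check(exc, lines_read):
    # Any HTTPException satisfies this, including the end-of-stream error.
    return isinstance(exc, HTTPException)


def strict_check(exc, lines_read):
    # Requires the limit's own error and a bounded number of reads.
    return "got more than " in str(exc) and lines_read <= MAX_HEADERS + 2
```

Without the limit, the reader drains every line and then fails with `RemoteDisconnected`, which is itself an `HTTPException`, so only the strict check separates the two behaviours.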