Changeset 1572

Timestamp:

12/28/06 14:09:37

Author:

fumanchu

Message:

2.x backport of [1538] and [1549] (Fix for leading CRLF in request).

Files:

• branches/cherrypy-2.x/cherrypy/_cpwsgiserver.py (modified) (1 diff)

branches/cherrypy-2.x/cherrypy/_cpwsgiserver.py

@@ -68 +68 @@
-            self.ready = False
-            return
+        
+        if request_line == "\r\n":
+            # RFC 2616 sec 4.1: "...if the server is reading the protocol
+            # stream at the beginning of a message and receives a CRLF
+            # first, it should ignore the CRLF."
+            # But only ignore one leading line! else we enable a DoS.
+            request_line = self.rfile.readline()
+            if not request_line:
+                self.ready = False
+                return
-        
-        method, path, req_protocol = request_line.strip().split(" ", 2)