Open serhiy-storchaka opened 1 month ago
Correct me if I'm wrong, but the incriminated lines are the following right:
If so, could I perhaps take on this one? (I never directly contributed to CPython so I think I can take this one to set up everything that's needed, unless you are already working on it).
Thank you for volunteering @picnixz, but I already have a solution. I have been somewhat delayed in publishing it because I discovered another problem: the large body was truncated on Windows, because `SocketIO.read()` is unbuffered and can return partial data.
No worries! I think you are much faster than me on that since I'm not really familiar with the http and IO-related codebase.
When `http.server.CGIHTTPRequestHandler` on Windows (and other platforms without `fork()`) handles a POST request, it reads the whole body of the POST request into memory before sending it to the subprocess running the script. The underlying SocketIO allocates the amount of memory specified in the `Content-Length` header before actually reading the data, so a small request with an incorrect `Content-Length` can cause consumption of a large amount of memory and CPU time and can be used in a DoS attack on the server.
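An added example, not part of the issue and not the CPython fix: a chunked read loop that never requests more than a fixed chunk from the stream regardless of the declared `Content-Length`, and that keeps reading after a short read instead of treating it as the full body. `read_body`, `ShortReadStream`, `demo` and the 64 KiB chunk size are assumptions made for illustration.

```python
CHUNK = 64 * 1024  # assumed chunk size, not taken from CPython


class ShortReadStream:
    """Constructed stand-in for an unbuffered socket stream: read(n)
    returns at most `step` bytes, the way a raw recv() may."""

    def __init__(self, data, step):
        self._data = data
        self._pos = 0
        self._step = step
        self.largest_request = 0  # biggest size ever asked of read()

    def read(self, size):
        self.largest_request = max(self.largest_request, size)
        end = self._pos + min(size, self._step)
        piece = self._data[self._pos:end]
        self._pos += len(piece)
        return piece


def read_body(stream, content_length, chunk=CHUNK):
    """Read up to content_length bytes without letting the header drive
    allocation: request at most `chunk` bytes per call and loop on short
    reads. Returns (body, complete)."""
    parts = []
    remaining = content_length
    while remaining > 0:
        data = stream.read(min(remaining, chunk))
        if not data:  # peer stopped before sending what it declared
            break
        parts.append(data)
        remaining -= len(data)
    return b"".join(parts), remaining == 0


def demo():
    # Constructed inputs: a 10-byte body declared as 1 GiB, and a
    # 200,000-byte body that arrives in 1,500-byte pieces.
    lying = ShortReadStream(b"a=1&b=2&c3", step=1500)
    body1, ok1 = read_body(lying, 1 << 30)
    big = ShortReadStream(b"x" * 200_000, step=1500)
    body2, ok2 = read_body(big, 200_000)
    return ((len(body1), ok1, lying.largest_request),
            (len(body2), ok2, big.largest_request))


if __name__ == "__main__":
    print(demo())
```

A caller can reject the request when `complete` is false instead of handing a truncated body to the CGI script.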