diff options
Diffstat (limited to 'Lib/http')
| -rw-r--r-- | Lib/http/server.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py index a245ffb3078..ca6240d9a92 100644 --- a/Lib/http/server.py +++ b/Lib/http/server.py @@ -300,6 +300,10 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler): # - Leading zeros MUST be ignored by recipients. if len(version_number) != 2: raise ValueError + if any(not component.isdigit() for component in version_number): + raise ValueError("non digit in http version") + if any(len(component) > 10 for component in version_number): + raise ValueError("unreasonable length http version") version_number = int(version_number[0]), int(version_number[1]) except (ValueError, IndexError): self.send_error( |