diff options
| author | Foxlik <Foxlik@users.noreply.github.com> | 2016-10-18 16:39:15 +0200 |
|---|---|---|
| committer | Toshio Kuratomi <a.badger@gmail.com> | 2016-10-26 11:48:47 -0700 |
| commit | 6b603b026c6b1b54d37ed1574e114d108d7078af (patch) | |
| tree | 2da14c05c92ecd8bb44c0e4d75bcefa1c8e29aa1 | |
| parent | deb1e3ebc7f4cf99e849ae5c2028e88498102faf (diff) | |
| download | ansible-6b603b026c6b1b54d37ed1574e114d108d7078af.tar.gz | |
Fix #10865
Slightly better handling of http headers from http (CONNECT) proxy. Buffers up to 128KiB of headers and raises exception if this size is exceeded.
This could be optimized further, but for the time being it does the trick.
(cherry picked from commit 8bb01d4c29e4abd5f628dbc15ab8d5cda90cdad2)
| -rw-r--r-- | lib/ansible/module_utils/urls.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index 9d8422f3a7..2fce58d519 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -674,7 +674,12 @@ class SSLValidationHandler(urllib_request.BaseHandler): credentials = "%s:%s" % (proxy_parts.get('username',''), proxy_parts.get('password','')) s.sendall('Proxy-Authorization: Basic %s\r\n' % credentials.encode('base64').strip()) s.sendall('\r\n') - connect_result = s.recv(4096) + connect_result = "" + while connect_result.find("\r\n\r\n") <= 0: + connect_result += s.recv(4096) + # 128 kilobytes of headers should be enough for everyone. + if len(connect_result) > 131072: + raise ProxyError('Proxy sent too verbose headers. Only 128KiB allowed.') self.validate_proxy_response(connect_result) if context: ssl_s = context.wrap_socket(s, server_hostname=self.hostname) |