From 6b603b026c6b1b54d37ed1574e114d108d7078af Mon Sep 17 00:00:00 2001 From: Foxlik Date: Tue, 18 Oct 2016 16:39:15 +0200 Subject: [PATCH] Fix #10865 Slightly better handling of http headers from http (CONNECT) proxy. Buffers up to 128KiB of headers and raises exception if this size is exceeded. This could be optimized further, but for the time being it does the trick. (cherry picked from commit 8bb01d4c29e4abd5f628dbc15ab8d5cda90cdad2) --- lib/ansible/module_utils/urls.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index 9d8422f3a7b..2fce58d519d 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -674,7 +674,12 @@ class SSLValidationHandler(urllib_request.BaseHandler): credentials = "%s:%s" % (proxy_parts.get('username',''), proxy_parts.get('password','')) s.sendall('Proxy-Authorization: Basic %s\r\n' % credentials.encode('base64').strip()) s.sendall('\r\n') - connect_result = s.recv(4096) + connect_result = "" + while connect_result.find("\r\n\r\n") <= 0: + connect_result += s.recv(4096) + # 128 kilobytes of headers should be enough for everyone. + if len(connect_result) > 131072: + raise ProxyError('Proxy sent too verbose headers. Only 128KiB allowed.') self.validate_proxy_response(connect_result) if context: ssl_s = context.wrap_socket(s, server_hostname=self.hostname)