From 0840b415829f7fab8db48e1b38bbbfc7da2df8c0 Mon Sep 17 00:00:00 2001 From: Georg Brandl Date: Wed, 17 Sep 2014 13:17:58 +0800 Subject: [PATCH] Issue #22421 - Secure pydoc server run. Bind it to localhost instead of all interfaces. --- Lib/pydoc.py | 4 ++-- Lib/test/test_pydoc.py | 2 ++ Misc/NEWS | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Lib/pydoc.py b/Lib/pydoc.py index fa02edaffc..2a0cbf341c 100755 --- a/Lib/pydoc.py +++ b/Lib/pydoc.py @@ -2431,8 +2431,8 @@ def _start_server(urlhandler, port): class DocServer(http.server.HTTPServer): def __init__(self, port, callback): - self.host = (sys.platform == 'mac') and '127.0.0.1' or 'localhost' - self.address = ('', port) + self.host = 'localhost' + self.address = (self.host, port) self.callback = callback self.base.__init__(self, self.address, self.handler) self.quit = False diff --git a/Lib/test/test_pydoc.py b/Lib/test/test_pydoc.py index 42a4089940..b632434e9a 100644 --- a/Lib/test/test_pydoc.py +++ b/Lib/test/test_pydoc.py @@ -510,6 +510,8 @@ class PydocServerTest(unittest.TestCase): return text serverthread = pydoc._start_server(my_url_handler, port=0) + self.assertIn('localhost', serverthread.docserver.address) + starttime = time.time() timeout = 1 #seconds diff --git a/Misc/NEWS b/Misc/NEWS index 398ed294cf..60946e816b 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -10,6 +10,9 @@ What's New in Python 3.2.6? Library ------- +- Issue #22421: Fix a regression that caused the pydoc server to be bound to + all interfaces instead of only localhost. + - Issue #22419: Limit the length of incoming HTTP request in wsgiref server to 65536 bytes and send a 414 error code for higher lengths. Patch contributed by Devin Cook. -- 2.40.0