authorAndrew M. Kuchling <amk@amk.ca>2003-02-03 19:11:18 (GMT)
committerAndrew M. Kuchling <amk@amk.ca>2003-02-03 19:11:18 (GMT)
commit2de97d398d5a66307228b1269812da94e65e20a3 (patch)
treedc1d737a19ad6be45e7d640773166ba923a577fb /Lib/BaseHTTPServer.py
parent868ecc22ab2207b1f9a36f803eaa58f5c3037657 (diff)
[Bug #676292] BaseHTTPServer incorrectly parses protocol; fix by Andrew Dalke
* Treat major, minor numbers of HTTP version as separate integers
* Fix errors if version string is "HTTP/1.2.3" or even simply "BLAH".
* send_error() checks if 'self.command' is a HEAD. However, if there's an error parsing the first line of the HTTP request, self.command wasn't set yet; force self.command to be initialized to None.
Diffstat (limited to 'Lib/BaseHTTPServer.py')
-rw-r--r--Lib/BaseHTTPServer.py21
1 files changed, 16 insertions, 5 deletions
diff --git a/Lib/BaseHTTPServer.py b/Lib/BaseHTTPServer.py
index 69d417a..043f9b2 100644
--- a/Lib/BaseHTTPServer.py
+++ b/Lib/BaseHTTPServer.py
@@ -226,6 +226,7 @@ class BaseHTTPRequestHandler(SocketServer.StreamRequestHandler):
error is sent back.
"""
+ self.command = None # set in case of error on the first line
self.request_version = version = "HTTP/0.9" # Default
self.close_connection = 1
requestline = self.raw_requestline
@@ -241,15 +242,25 @@ class BaseHTTPRequestHandler(SocketServer.StreamRequestHandler):
self.send_error(400, "Bad request version (%s)" % `version`)
return False
try:
- version_number = float(version.split('/', 1)[1])
- except ValueError:
+ base_version_number = version.split('/', 1)[1]
+ version_number = base_version_number.split(".")
+ # RFC 2145 section 3.1 says there can be only one "." and
+ # - major and minor numbers MUST be treated as
+ # separate integers;
+ # - HTTP/2.4 is a lower version than HTTP/2.13, which in
+ # turn is lower than HTTP/12.3;
+ # - Leading zeros MUST be ignored by recipients.
+ if len(version_number) != 2:
+ raise ValueError
+ version_number = int(version_number[0]), int(version_number[1])
+ except (ValueError, IndexError):
self.send_error(400, "Bad request version (%s)" % `version`)
return False
- if version_number >= 1.1 and self.protocol_version >= "HTTP/1.1":
+ if version_number >= (1, 1) and self.protocol_version >= "HTTP/1.1":
self.close_connection = 0
- if version_number >= 2.0:
+ if version_number >= (2, 0):
self.send_error(505,
- "Invalid HTTP Version (%f)" % version_number)
+ "Invalid HTTP Version (%s)" % base_version_number)
return False
elif len(words) == 2:
[command, path] = words
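Review bot: The new `int(version_number[0]), int(version_number[1])` conversion accepts more than the digit sequences the quoted RFC 2145 rules describe, because `int()` also takes a leading sign. A request line ending in `HTTP/+1.+1` therefore parses as (1, 1), and `HTTP/-1.5` as a version below 1.1, instead of getting the 400. A stricter front end or proxy can then disagree with this server about the same request line, so the lenient parse is worth closing here. I would add `if not (version_number[0].isdigit() and version_number[1].isdigit()): raise ValueError` just before the conversion, which the existing `except (ValueError, IndexError)` already turns into the 400 response. The enclosing method starts and ends outside this hunk.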