#900744: If an invalid chunked-encoding header is sent by a server,

httplib will now raise IncompleteRead and close the connection instead of raising ValueError.
author: Georg Brandl <georg@python.org> 2008-02-24 00:03:22 (GMT)
committer: Georg Brandl <georg@python.org> 2008-02-24 00:03:22 (GMT)
commit: 2363503074a3f1c2dbe934bed0c865d326e34c1a (patch)
tree: 5d9a22409e0fb92e604f0758a0d7a1425ce9363c /Lib
parent: 5e8e6d2454258d76611444a7260f05094f66d205 (diff)
download: cpython-2363503074a3f1c2dbe934bed0c865d326e34c1a.zip
cpython-2363503074a3f1c2dbe934bed0c865d326e34c1a.tar.gz
cpython-2363503074a3f1c2dbe934bed0c865d326e34c1a.tar.bz2
2 files changed, 36 insertions, 1 deletions
diff --git a/Lib/httplib.py b/Lib/httplib.py
index c7d8e78..bb4b59e 100644
--- a/Lib/httplib.py
+++ b/Lib/httplib.py
@@ -546,7 +546,13 @@ class HTTPResponse:
                 i = line.find(';')
                 if i >= 0:
                     line = line[:i] # strip chunk-extensions
-                chunk_left = int(line, 16)
+                try:
+                    chunk_left = int(line, 16)
+                except ValueError:
+                    # close the connection as protocol synchronisation is
+                    # probably lost
+                    self.close()
+                    raise IncompleteRead(value)
                 if chunk_left == 0:
                     break
             if amt is None:
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index d312ae5..e9dd9d6 100644
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -156,6 +156,35 @@ class BasicTest(TestCase):
         conn.request('GET', '/foo', body)
         self.assertTrue(sock.data.startswith(expected))
 
+    def test_chunked(self):
+        chunked_start = (
+            'HTTP/1.1 200 OK\r\n'
+            'Transfer-Encoding: chunked\r\n\r\n'
+            'a\r\n'
+            'hello worl\r\n'
+            '1\r\n'
+            'd\r\n'
+        )
+        sock = FakeSocket(chunked_start + '0\r\n')
+        resp = httplib.HTTPResponse(sock, method="GET")
+        resp.begin()
+        self.assertEquals(resp.read(), 'hello world')
+        resp.close()
+
+        for x in ('', 'foo\r\n'):
+            sock = FakeSocket(chunked_start + x)
+            resp = httplib.HTTPResponse(sock, method="GET")
+            resp.begin()
+            try:
+                resp.read()
+            except httplib.IncompleteRead, i:
+                self.assertEquals(i.partial, 'hello world')
+            else:
+                self.fail('IncompleteRead expected')
+            finally:
+                resp.close()
+
+
 class OfflineTest(TestCase):
     def test_responses(self):
         self.assertEquals(httplib.responses[httplib.NOT_FOUND], "Not Found")
author	Georg Brandl <georg@python.org>	2008-02-24 00:03:22 (GMT)
committer	Georg Brandl <georg@python.org>	2008-02-24 00:03:22 (GMT)
commit	2363503074a3f1c2dbe934bed0c865d326e34c1a (patch)
tree	5d9a22409e0fb92e604f0758a0d7a1425ce9363c /Lib
parent	5e8e6d2454258d76611444a7260f05094f66d205 (diff)
download	cpython-2363503074a3f1c2dbe934bed0c865d326e34c1a.zip cpython-2363503074a3f1c2dbe934bed0c865d326e34c1a.tar.gz cpython-2363503074a3f1c2dbe934bed0c865d326e34c1a.tar.bz2