From b75a0e9f32c47cc75924c79f7ac74e2f11f32506 Mon Sep 17 00:00:00 2001
From: Martin Panter <vadmium>
Date: Mon, 7 Sep 2015 01:18:47 +0000
Subject: Issue #17849: Raise sensible exception for invalid HTTP tunnel
 response

Initial patch from Cory Benfield.
---
 Lib/httplib.py           |  5 +++++
 Lib/test/test_httplib.py | 10 ++++++++++
 Misc/ACKS                |  1 +
 Misc/NEWS                |  4 ++++
 4 files changed, 20 insertions(+)

diff --git a/Lib/httplib.py b/Lib/httplib.py
index fc908d2..7223ba1 100644
--- a/Lib/httplib.py
+++ b/Lib/httplib.py
@@ -810,6 +810,11 @@ class HTTPConnection:
                                        method = self._method)
         (version, code, message) = response._read_status()
 
+        if version == "HTTP/0.9":
+            # HTTP/0.9 doesn't support the CONNECT verb, so if httplib has
+            # concluded HTTP/0.9 is being used something has gone wrong.
+            self.close()
+            raise socket.error("Invalid response from tunnel request")
         if code != 200:
             self.close()
             raise socket.error("Tunnel connection failed: %d %s" % (code,
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index 3014589..a72f6f7 100644
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -578,6 +578,16 @@ class BasicTest(TestCase):
         #self.assertTrue(response[0].closed)
         self.assertTrue(conn.sock.file_closed)
 
+    def test_proxy_tunnel_without_status_line(self):
+        # Issue 17849: If a proxy tunnel is created that does not return
+        # a status code, fail.
+        body = 'hello world'
+        conn = httplib.HTTPConnection('example.com', strict=False)
+        conn.set_tunnel('foo')
+        conn.sock = FakeSocket(body)
+        with self.assertRaisesRegexp(socket.error, "Invalid response"):
+            conn._tunnel()
+
 class OfflineTest(TestCase):
     def test_responses(self):
         self.assertEqual(httplib.responses[httplib.NOT_FOUND], "Not Found")
diff --git a/Misc/ACKS b/Misc/ACKS
index ba3e3fe..59d0914 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -107,6 +107,7 @@ Ben Bell
 Thomas Bellman
 Alexander “Саша” Belopolsky
 Eli Bendersky
+Cory Benfield
 David Benjamin
 Oscar Benjamin
 Andrew Bennetts
diff --git a/Misc/NEWS b/Misc/NEWS
index 017acc6..26e41c3 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -37,6 +37,10 @@ Core and Builtins
 Library
 -------
 
+- Issue #17849: Raise a sensible exception if an invalid response is
+  received for a HTTP tunnel request, as seen with some servers that
+  do not support tunnelling.  Initial patch from Cory Benfield.
+
 - Issue #16180: Exit pdb if file has syntax error, instead of trapping user
   in an infinite loop.  Patch by Xavier de Gaye.
 
-- 
cgit v0.12