[Patches] [ python-Patches-900744 ] catch invalid chunk length in httplib read routine
SourceForge.net
noreply at sourceforge.net
Mon Feb 28 17:53:25 CET 2005
Patches item #900744, was opened at 2004-02-19 23:14
Message generated for change (Comment added) made by agwego
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=900744&group_id=5470
Category: Library (Lib)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Wummel (calvin)
Assigned to: Nobody/Anonymous (nobody)
Summary: catch invalid chunk length in httplib read routine
Initial Comment:
In HTTPResponse._read_chunked the chunk length is not
checked to be a valid integer, and a ValueError will be
raised in such a case.
The attached patch catches ValueError (which should not
normally happen, so this try:except: is reasonably
fast), and raises IncompleteRead exception instead.
I have no test case for this yet, but am trying to
construct one :)
----------------------------------------------------------------------
Comment By: agwego (agwego)
Date: 2005-02-28 16:53
Message:
Logged In: YES
user_id=1228982
I've run into this problem in conjunction with mod_python
3.1.4 (and although the problem is caused in mod_python) my
python skills aren't up to the task. Which leaves me with
fixing httplib. Although the above patch works when it comes
to end of file situations, I think it would be better to
return what has been consumed so far and leave it at that. A
few lines down there's a comment about consuming trailers,
this is the case that is tripping up httplib as far as I can
tell. This is happening in Python 2.3.4.
--- packages/Python-2.3.4/Lib/httplib.py Sun Nov 2
11:51:38 2003
+++ httplib.py Mon Feb 28 11:26:48 2005
@@ -423,7 +423,11 @@
i = line.find(';')
if i >= 0:
line = line[:i] # strip chunk-extensions
- chunk_left = int(line, 16)
+ try:
+ chunk_left = int(line, 16)
+ except ValueError, msg:
+ self.close()
+ return value
if chunk_left == 0:
break
if amt is None:
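Review bot: In the new `except ValueError, msg:` branch, `return value` hands the caller the data read so far as though the body had ended normally, so a corrupted or truncated chunk-size line cannot be told apart from a complete response. Raising IncompleteRead with the partial data, as the original submission describes, would keep the failure visible; if silent truncation is intended, a comment saying why belongs here. `msg` is bound but never used and can be dropped. Separately, `int(line, 16)` still accepts a signed value such as `-1`, which passes the `chunk_left == 0` test below and is not guarded by this change.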
----------------------------------------------------------------------
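An added example, not part of the tracker item or of httplib itself: a minimal strict chunked-body decoder in present-day Python 3 that shows the behaviour the initial comment proposes, where a malformed or missing chunk length raises `IncompleteRead` carrying the data read so far. The names `read_chunked` and `try_read` and the sample bodies in the comments are constructed for illustration.

```python
import io
from http.client import IncompleteRead

HEX_DIGITS = b"0123456789abcdefABCDEF"

def read_chunked(fp):
    """Decode a chunked body from a binary file object (illustrative only)."""
    body = []
    while True:
        line = fp.readline()                         # b"" at end of file
        size_field = line.split(b";", 1)[0].strip()  # strip chunk-extensions
        # int(x, 16) alone would also accept "-1", "+a" or "0x1f", so
        # require plain hex digits before converting.
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise IncompleteRead(b"".join(body))
        chunk_left = int(size_field, 16)
        if chunk_left == 0:
            break
        data = fp.read(chunk_left)
        body.append(data)
        if len(data) < chunk_left:                   # stream ended mid-chunk
            raise IncompleteRead(b"".join(body), chunk_left - len(data))
        fp.read(2)                                   # CRLF that closes the chunk
    # Consume trailers up to the blank line (or end of file).
    while fp.readline() not in (b"\r\n", b"\n", b""):
        pass
    return b"".join(body)

def try_read(raw):
    """Return ("ok", body) or ("incomplete", partial) for a raw chunked body."""
    try:
        return "ok", read_chunked(io.BytesIO(raw))
    except IncompleteRead as exc:
        return "incomplete", exc.partial

if __name__ == "__main__":
    # Constructed sample bodies: well-formed, bad size line, cut off early.
    for raw in (b"4\r\nWiki\r\n5;ext=1\r\npedia\r\n0\r\nX-T: 1\r\n\r\n",
                b"4\r\nWiki\r\nzz\r\npedia\r\n0\r\n\r\n",
                b"4\r\nWiki\r\n"):
        print(try_read(raw))
```

The caller gets the partial body in both failure cases but can still tell it apart from a complete response, which returning the accumulated data directly does not allow.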