[Patches] [ python-Patches-900744 ] catch invalid chunk length in httplib read routine

SourceForge.net noreply at sourceforge.net
Mon Feb 19 13:10:45 CET 2007

Patches item #900744, was opened at 2004-02-19 23:14
Message generated for change (Comment added) made by gbrandl
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Library (Lib)
Group: Python 2.5
Status: Open
Resolution: Accepted
Priority: 5
Private: No
Submitted By: Wummel (calvin)
Assigned to: Georg Brandl (gbrandl)
Summary: catch invalid chunk length in httplib read routine

Initial Comment:
In HTTPResponse._read_chunked the chunk length is not
checked to be a valid integer, and a ValueError will be
raised in such a case.
The attached patch catches ValueError (which should not
normally happen, so this try:except: is reasonably
fast), and raises IncompleteRead exception instead.
I have no test case for this yet, but am trying to
construct one :)


>Comment By: Georg Brandl (gbrandl)
Date: 2007-02-19 12:10

Logged In: YES 
Originator: NO

Martin: which patch? Mine, which returns what was read so far, or
calvin's, which raises IncompleteRead?


Comment By: Martin v. Löwis (loewis)
Date: 2007-02-18 08:39

Logged In: YES 
Originator: NO

Georg, the patch is fine for 2.6, please apply (for 2.5, I would be
cautious because of the behaviour change).


Comment By: Wummel (calvin)
Date: 2006-02-01 22:16

Logged In: YES 

I attached a simple testcase that triggers the bug. IMHO
this patch should be applied for Python 2.5.


Comment By: Raymond Hettinger (rhettinger)
Date: 2005-07-19 01:07

Logged In: YES 

Technically, the patch is fine and it is the way the code
should have been written in the first place.

Please bring-up on python-dev to determine whether it should
be done.  I can imagine that a fair amount of existing code
has through trial and error discovered the ValueError and
chosen to catch that.  Changing the exception may
unnecessarily break people's code.  Sometimes we  take that
step when it needs to be done, but there should be a good
pay-off and, in this case, I don't see it.

You may also want to mention it on comp.lang.python to see
if anyone cares

If the patch goes forward, see if you can mock-up a test
that triggers the exception so we have a good unittest.

In anycase, this should not be backported (we avoid giving
people reasons to not upgrade).


Comment By: Georg Brandl (birkenfeld)
Date: 2005-07-18 19:34

Logged In: YES 

Attaching patch which does what agwego said

Please review.


Comment By: agwego (agwego)
Date: 2005-02-28 16:53

Logged In: YES 

I've run into this problem in conjunction with mod_python
3.1.4 (and although the problem is caused in mod_python) my
python skills aren't up to the task. Which leaves me with
fixing httplib. Although the above patch works when it comes
to end of file situations, I think it would be better to
return what has been consumed so far and leave it at that. A
few lines down there's a comment about consuming trailers,
this is the case that is tripping up httplib as far as I can
tell. This is happening in Python 2.3.4.

--- packages/Python-2.3.4/Lib/httplib.py        Sun Nov  2
11:51:38 2003
+++ httplib.py  Mon Feb 28 11:26:48 2005
@@ -423,7 +423,11 @@
                 i = line.find(';')
                 if i >= 0:
                     line = line[:i] # strip chunk-extensions
-                chunk_left = int(line, 16)
+                try:
+                    chunk_left = int(line, 16)
+                except ValueError, msg:
+                    self.close()
+                    return value
                 if chunk_left == 0:
             if amt is None:


You can respond by visiting: 

More information about the Patches mailing list