[Python-bugs-list] [ python-Bugs-676292 ] BaseHTTPServer incorrectly parses protocol

SourceForge.net noreply@sourceforge.net
Wed, 29 Jan 2003 16:12:41 -0800 

Bugs item #676292, was opened at 2003-01-28 12:38
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=676292&group_id=5470

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Andrew Dalke (dalke)
Assigned to: Nobody/Anonymous (nobody)
Summary: BaseHTTPServer incorrectly parses protocol

Initial Comment:
The code in
BaseHTTPServer.BaseHTTPRequestHandler.parse_request says

            try:
                version_number =
float(version.split('/', 1)[1])
            except ValueError:
                self.send_error(400, "Bad request
version (%s)" % `version`)
                return False
            if version_number >= 1.1 and
self.protocol_version >= "HTTP/1.1":
                self.close_connection = 0
            if version_number >= 2.0:
                self.send_error(505,
                                "Invalid HTTP Version
(%f)" % version_number)

This does not agree with the HTTP/1.1 spec which states

Note that the major and minor numbers MUST be treated
as separate
integers and that each MAY be incremented higher than a
single
digit. Thus, HTTP/2.4 is a lower version than
HTTP/2.13, which in turn
is lower than HTTP/12.3. Leading zeros MUST be ignored
by recipients
and MUST NOT be sent.

I also noticed there were errors if the version string
was "HTTP/1.2.3" or even simply "BLAH".  I've fixed
them so they don't give tracebacks.

Finally, if there is an error in the parsing, it calls
the 'send_error'
method, which does a check if 'self.command' is a HEAD.
 However,
if there's an error parsing the first line of the HTTP
request the
self.command wasn't yet set, so I forced self.command
to initialized to None before doing anything which can
yield an error.

Patch is attached.



----------------------------------------------------------------------

>Comment By: Andrew Dalke (dalke)
Date: 2003-01-29 17:12

Message:
Logged In: YES 
user_id=190903

Silly interface.  Okay, should be attached now.


----------------------------------------------------------------------

Comment By: Neal Norwitz (nnorwitz)
Date: 2003-01-29 14:22

Message:
Logged In: YES 
user_id=33168

There's no uploaded file!  You have to check the
checkbox labeled "Check to Upload & Attach File"
when you upload a file.

Please try again.

(This is a SourceForge annoyance that we can do
nothing about. :-( )

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=676292&group_id=5470