[Python-bugs-list] [ python-Bugs-676292 ] BaseHTTPServer incorrectly parses protocol
SourceForge.net
noreply@sourceforge.net
Wed, 29 Jan 2003 16:12:41 -0800
Bugs item #676292, was opened at 2003-01-28 12:38
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=676292&group_id=5470
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Andrew Dalke (dalke)
Assigned to: Nobody/Anonymous (nobody)
Summary: BaseHTTPServer incorrectly parses protocol
Initial Comment:
The code in
BaseHTTPServer.BaseHTTPRequestHandler.parse_request says
try:
version_number =
float(version.split('/', 1)[1])
except ValueError:
self.send_error(400, "Bad request
version (%s)" % `version`)
return False
if version_number >= 1.1 and
self.protocol_version >= "HTTP/1.1":
self.close_connection = 0
if version_number >= 2.0:
self.send_error(505,
"Invalid HTTP Version
(%f)" % version_number)
This does not agree with the HTTP/1.1 spec which states
Note that the major and minor numbers MUST be treated
as separate
integers and that each MAY be incremented higher than a
single
digit. Thus, HTTP/2.4 is a lower version than
HTTP/2.13, which in turn
is lower than HTTP/12.3. Leading zeros MUST be ignored
by recipients
and MUST NOT be sent.
I also noticed there were errors if the version string
was "HTTP/1.2.3" or even simply "BLAH". I've fixed
them so they don't give tracebacks.
Finally, if there is an error in the parsing, it calls
the 'send_error'
method, which does a check if 'self.command' is a HEAD.
However,
if there's an error parsing the first line of the HTTP
request the
self.command wasn't yet set, so I forced self.command
to initialized to None before doing anything which can
yield an error.
Patch is attached.
----------------------------------------------------------------------
>Comment By: Andrew Dalke (dalke)
Date: 2003-01-29 17:12
Message:
Logged In: YES
user_id=190903
Silly interface. Okay, should be attached now.
----------------------------------------------------------------------
Comment By: Neal Norwitz (nnorwitz)
Date: 2003-01-29 14:22
Message:
Logged In: YES
user_id=33168
There's no uploaded file! You have to check the
checkbox labeled "Check to Upload & Attach File"
when you upload a file.
Please try again.
(This is a SourceForge annoyance that we can do
nothing about. :-( )
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=676292&group_id=5470