[issue7013] Httplib read routine is not tolerant to not well-formed chunked http responses.

Andrei Korostelev report at bugs.python.org
Mon Sep 28 18:40:31 CEST 2009 

New submission from Andrei Korostelev <andrei at korostelev.net>:

HTTPResponse._read_chunked cannot handle "slightly" ill-formed HTTP
response not ended with 0 chunk-size. I did not make an analysis what
type of webservers generate such responses, but one of them is bing.com
(former msn.com).

Example correct chunked http response:

HTTP/1.1 200 OK
Content-Type: text/plain
Transfer-Encoding: chunked

B
first chunk

A
last chunk

0

Example chunked http rsponse not ended with zero length:

HTTP/1.1 200 OK
Content-Type: text/plain
Transfer-Encoding: chunked

B
first chunk

A
last chunk


Suggested solution: when an empty line is met where a hexadecimal
chunk-size is expected, treat it as the end of HTTP response. 

--- C:\Python25\Lib\httplib.py.orig	2008-02-12 20:48:24.000000000 +-0200
+++ C:\Python25\Lib\httplib.py.patched	2009-09-28 18:30:33.000000000 +-0200
@@ -542,12 +542,16 @@
         while True:
             if chunk_left is None:
                 line = self.fp.readline()
                 i = line.find(';')
                 if i >= 0:
                     line = line[:i] # strip chunk-extensions
+                # handle ill-formed response not ended with 0 chunk-size
+                line = line.strip()
+                if not line:
+                    break
                 chunk_left = int(line, 16)
                 if chunk_left == 0:
                     break
             if amt is None:
                 value += self._safe_read(chunk_left)
             elif amt < chunk_left:

Attached patches for Python-2.5, Python-2.6 and Python-3.1.

----------
components: Library (Lib)
files: httplib.python-2.5.diff
keywords: patch
messages: 93215
nosy: Andrei Korostelev
severity: normal
status: open
title: Httplib read routine is not tolerant to not well-formed chunked http responses.
type: behavior
versions: Python 2.5, Python 2.6, Python 3.1
Added file: http://bugs.python.org/file14988/httplib.python-2.5.diff

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue7013>
_______________________________________

More information about the Python-bugs-list mailing list