[New-bugs-announce] [issue16083] HTTPServer does not correctly handle bad headers
Michele Orrù
report at bugs.python.org
Fri Sep 28 12:54:02 CEST 2012
New submission from Michele Orrù:
Sending a "GET /\0" causes a TypeEror to be raised and the connection to be unexpectedly closed.
$ python -m SimpleHTTPServer 8000
$ printf "GET /\00" | nc localhost 8000
TypeError: must be encoded string without NULL bytes, not str
----------------------------------------
I think raising a 400 error should be fine. Also, shouldn't the error message contain a repr(string)?
[From http://corte.si/posts/code/pathod/pythonservers/index.html]
----------
components: Library (Lib)
messages: 171435
nosy: maker
priority: normal
severity: normal
status: open
title: HTTPServer does not correctly handle bad headers
type: security
versions: Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16083>
_______________________________________
More information about the New-bugs-announce
mailing list