[issue7013] Httplib read routine is not tolerant to not well-formed chunked http responses.
Andrei Korostelev
report at bugs.python.org
Mon Sep 28 18:40:31 CEST 2009
New submission from Andrei Korostelev <andrei at korostelev.net>:
HTTPResponse._read_chunked cannot handle "slightly" ill-formed HTTP
response not ended with 0 chunk-size. I did not make an analysis what
type of webservers generate such responses, but one of them is bing.com
(former msn.com).
Example correct chunked http response:
HTTP/1.1 200 OK
Content-Type: text/plain
Transfer-Encoding: chunked
B
first chunk
A
last chunk
0
Example chunked http rsponse not ended with zero length:
HTTP/1.1 200 OK
Content-Type: text/plain
Transfer-Encoding: chunked
B
first chunk
A
last chunk
Suggested solution: when an empty line is met where a hexadecimal
chunk-size is expected, treat it as the end of HTTP response.
--- C:\Python25\Lib\httplib.py.orig 2008-02-12 20:48:24.000000000 +-0200
+++ C:\Python25\Lib\httplib.py.patched 2009-09-28 18:30:33.000000000 +-0200
@@ -542,12 +542,16 @@
while True:
if chunk_left is None:
line = self.fp.readline()
i = line.find(';')
if i >= 0:
line = line[:i] # strip chunk-extensions
+ # handle ill-formed response not ended with 0 chunk-size
+ line = line.strip()
+ if not line:
+ break
chunk_left = int(line, 16)
if chunk_left == 0:
break
if amt is None:
value += self._safe_read(chunk_left)
elif amt < chunk_left:
Attached patches for Python-2.5, Python-2.6 and Python-3.1.
----------
components: Library (Lib)
files: httplib.python-2.5.diff
keywords: patch
messages: 93215
nosy: Andrei Korostelev
severity: normal
status: open
title: Httplib read routine is not tolerant to not well-formed chunked http responses.
type: behavior
versions: Python 2.5, Python 2.6, Python 3.1
Added file: http://bugs.python.org/file14988/httplib.python-2.5.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue7013>
_______________________________________
More information about the Python-bugs-list
mailing list