diff options
author | Tim Burke <tim.burke@gmail.com> | 2016-08-08 12:34:39 -0700 |
---|---|---|
committer | Sergey Shepelev <temotor@gmail.com> | 2016-08-09 00:34:39 +0500 |
commit | c7e56d6b37d46c55293226c3c909d9fe3cfe70a2 (patch) | |
tree | 11296e056aff4e7d1014b4ccc65f8bdfae1a0e8d | |
parent | 8e92d15d266b78720d4cc780cd2878377dcf7775 (diff) | |
download | eventlet-c7e56d6b37d46c55293226c3c909d9fe3cfe70a2.tar.gz |
wsgi: 400 on blank Content-Length headers (GH-334)
Previously, a client sending a blank Content-Length header would trigger
a `ValueError` in `Input.__init__`, preventing a response from being sent.
Now, blank Content-Length headers will be treated like non-integer
values, and a `400 Bad Request` response will be sent.
https://github.com/eventlet/eventlet/pull/334
-rw-r--r-- | eventlet/wsgi.py | 2 | ||||
-rw-r--r-- | tests/wsgi_test.py | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/eventlet/wsgi.py b/eventlet/wsgi.py index 9d02d12..edc5486 100644 --- a/eventlet/wsgi.py +++ b/eventlet/wsgi.py @@ -366,7 +366,7 @@ class HttpProtocol(BaseHTTPServer.BaseHTTPRequestHandler): self.rfile = orig_rfile content_length = self.headers.get('content-length') - if content_length: + if content_length is not None: try: int(content_length) except ValueError: diff --git a/tests/wsgi_test.py b/tests/wsgi_test.py index 3d2f11f..48f5836 100644 --- a/tests/wsgi_test.py +++ b/tests/wsgi_test.py @@ -714,6 +714,20 @@ class TestHttpd(_TestBase): assert b'400 Bad Request' in result, result assert b'500' not in result, result + sock = eventlet.connect(self.server_addr) + sock.sendall(b'GET / HTTP/1.0\r\nHost: localhost\r\nContent-length:\r\n\r\n') + result = recvall(sock) + assert result.startswith(b'HTTP'), result + assert b'400 Bad Request' in result, result + assert b'500' not in result, result + + sock = eventlet.connect(self.server_addr) + sock.sendall(b'GET / HTTP/1.0\r\nHost: localhost\r\nContent-length: \r\n\r\n') + result = recvall(sock) + assert result.startswith(b'HTTP'), result + assert b'400 Bad Request' in result, result + assert b'500' not in result, result + def test_024_expect_100_continue(self): def wsgi_app(environ, start_response): if int(environ['CONTENT_LENGTH']) > 1024: |