authorBert JW Regeer <bertjw@regeer.org>2019-12-12 18:19:40 -0800
committerBert JW Regeer <bertjw@regeer.org>2019-12-19 15:59:58 +0100
commit575994cd42e83fd772a5f7ec98b2c56751bd3f65 (patch)
tree4378d7cb76c1985641a52d1f4fa599d3677abf89
parent804e3133a54088fc879c5e791bbe14bb8eb625f9 (diff)
Upon receiving invalid Content-Length bail
Instead of attempting to continue processing the request, we raise a ParsingError and return an HTTP Bad Request to the client. This also catches the case where two Content-Length headers are sent and are folded together using HTTP header folding.
-rw-r--r--waitress/parser.py3
-rw-r--r--waitress/tests/test_parser.py23
2 files changed, 23 insertions, 3 deletions
diff --git a/waitress/parser.py b/waitress/parser.py
index e2970cb..c537964 100644
--- a/waitress/parser.py
+++ b/waitress/parser.py
@@ -254,7 +254,8 @@ class HTTPRequestParser(object):
try:
cl = int(headers.get("CONTENT_LENGTH", 0))
except ValueError:
- cl = 0
+ raise ParsingError("Content-Length is invalid")
+
self.content_length = cl
if cl > 0:
buf = OverflowableBuffer(self.adj.inbuf_overflow)
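Review bot: The unchanged `int(headers.get("CONTENT_LENGTH", 0))` call above the new `raise` still accepts values that HTTP's digits-only Content-Length grammar does not allow: a leading `+` or `-`, surrounding whitespace and, on Python 3.6+, underscores all convert without a ValueError. A value such as `-5` therefore passes the new check and falls through `if cl > 0` as a request with no body, so a front-end that reads the same header differently would frame the request differently from this parser. Validate the raw string before converting, for example by rejecting it unless every character is one of `0123456789`, and raise the same `ParsingError("Content-Length is invalid")`. The enclosing method starts and ends outside the hunk.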
diff --git a/waitress/tests/test_parser.py b/waitress/tests/test_parser.py
index 463e0b2..aa01d9d 100644
--- a/waitress/tests/test_parser.py
+++ b/waitress/tests/test_parser.py
@@ -167,9 +167,28 @@ class TestHTTPRequestParser(unittest.TestCase):
self.assertTrue(False)
def test_parse_header_bad_content_length(self):
+ from waitress.parser import ParsingError
+
data = b"GET /foobar HTTP/8.4\r\ncontent-length: abc\r\n"
- self.parser.parse_header(data)
- self.assertEqual(self.parser.body_rcv, None)
+
+ try:
+ self.parser.parse_header(data)
+ except ParsingError as e:
+ self.assertIn("Content-Length is invalid", e.args[0])
+ else: # pragma: nocover
+ self.assertTrue(False)
+
+ def test_parse_header_multiple_content_length(self):
+ from waitress.parser import ParsingError
+
+ data = b"GET /foobar HTTP/8.4\r\ncontent-length: 10\r\ncontent-length: 20\r\n"
+
+ try:
+ self.parser.parse_header(data)
+ except ParsingError as e:
+ self.assertIn("Content-Length is invalid", e.args[0])
+ else: # pragma: nocover
+ self.assertTrue(False)
def test_parse_header_11_te_chunked(self):
# NB: test that capitalization of header value is unimportant
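Review bot: `test_parse_header_multiple_content_length` passes only because the two headers are merged into one value that `int()` rejects, and nothing in the test says so. A comment such as `# duplicate Content-Length headers are folded into "10, 20", which is not a valid integer` would make that dependency explicit. Both new tests could also replace the try/except/else plus `self.assertTrue(False)` with `with self.assertRaises(ParsingError) as cm:` followed by `self.assertIn("Content-Length is invalid", cm.exception.args[0])`, which removes the need for the `# pragma: nocover` branch.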