Ticket #941 (defect)
Opened 9 months ago
Last modified 8 months ago
a broken HTTP header from IE7 triggers a python error
Status: closed (wontfix)
| Reported by: | guest | Assigned to: | fumanchu |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.2 |
| Component: | wsgiserver | Keywords: | |
| Cc: | stefantalpalaru@yahoo.com | | |
A page refresh in IE7 (version number 7.0.6001) behind an ISP proxy in Singapore has a header with a malformed line: "Re, 1.2.3.4#015#012" where 1.2.3.4 is the client IP. This breaks the multiple assignment in HTTPRequest.read_headers():
k, v = line.split(":", 1)
since it's trying to assign a list with one item to 2 variables. The cryptic error is "ValueError: need more than 1 value to unpack". My solution is to enclose the problem code in a 'try' block and issue a 'continue' on failure.
Change History
07/02/09 14:08:49: Modified by stefantalpalaru@yahoo.com
- attachment fix_broken_header.patch added.
07/02/09 14:58:30: Modified by guest
- cc set to stefantalpalaru@yahoo.com.
07/04/09 12:52:20: Modified by fumanchu
- description changed.
- milestone set to 3.2.
08/04/09 23:20:29: Modified by fumanchu
- status changed from new to closed.
- resolution set to wontfix.
This is too big a security hole to allow IMO. Cf http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0281.html etcetera.
08/04/09 23:30:41: Modified by stefantalpalaru@yahoo.com
The provided link is not relevant. This is a broken header sent by a browser. It cannot be blamed for a hypothetical cache poisoning in squid.
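
The two behaviours debated in this ticket, side by side, as an added example (not CherryPy's wsgiserver code and not the attached patch). `read_headers`, `MalformedHeader`, `unpack_fails` and the sample request are hypothetical names and constructed data; `strict=False` skips the colon-less line as the try/continue proposal would, while `strict=True` rejects it so the caller can answer 400 Bad Request.

```python
# Added example with hypothetical names; not CherryPy's wsgiserver code.

class MalformedHeader(Exception):
    """A header line the server should answer with 400 Bad Request."""


def unpack_fails(line):
    """Reproduce the ticket's failure: two-name unpack of a colon-less line."""
    try:
        k, v = line.split(b":", 1)
    except ValueError:
        return True
    return False


def read_headers(raw, strict=True):
    """Parse CRLF-separated header lines; return (headers, skipped_lines)."""
    headers, skipped = {}, []
    for line in raw.split(b"\r\n"):
        if line == b"":                      # blank line ends the header block
            break
        name, sep, value = line.partition(b":")
        # Invalid field line: no colon, empty name, or whitespace in the name.
        if not sep or name.split() != [name]:
            if strict:
                raise MalformedHeader(line)  # caller turns this into a 400
            skipped.append(line)             # lenient: drop it, but keep a record
            continue
        key = name.decode("latin-1").title()
        val = value.strip().decode("latin-1")
        if key in headers:                   # repeated field: comma-join values
            val = headers[key] + ", " + val
        headers[key] = val
    return headers, skipped


# Constructed sample request headers containing the malformed line from the ticket.
SAMPLE = (b"Host: example.test\r\n"
          b"Re, 1.2.3.4\r\n"
          b"Accept: */*\r\n"
          b"\r\n")

if __name__ == "__main__":
    print("lenient:", read_headers(SAMPLE, strict=False))
    try:
        read_headers(SAMPLE)
    except MalformedHeader as exc:
        print("strict: 400 Bad Request, offending line", exc.args[0])
```

In the lenient mode the returned `skipped` list is what makes the dropped line visible to logging; a bare `continue` would leave no trace that the request differed from what an upstream proxy forwarded.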