[Twisted-Python] Check of command leads to Traceback in http.py
Barry Scott
barry.scott at forcepoint.com
Wed Jul 29 10:15:57 MDT 2020
I'm seeing a Traceback in twisted/web/http.py and that lead me to read some of the code.
First question in this code from HTTPChannel.lineReceived() at line 2103 why only
check that the command is ASCII? By spec the whole line must be a subset of ASCII,
is there a good reason to not check that the request and version are ASCII?
We see requests where the first line is binary data in production.
parts = line.split()
if len(parts) != 3:
self._respondToBadRequestAndDisconnect()
return
command, request, version = parts
try:
command.decode("ascii")
except UnicodeDecodeError:
self._respondToBadRequestAndDisconnect()
return
If the code calls self._respondToBadRequestAndDisconnect()
It does not set self._version.
Next there is a call to lineReceived('') and the code Tracebacks when it
access self._version in this code at line 2293:
def allHeadersReceived(self):
req = self.requests[-1]
req.parseCookies()
self.persistent = self.checkPersistence(req, self._version)
Does this look wrong to you?
Also why do you del self._version as an idiom and not set it to None?
Barry
More information about the Twisted-Python
mailing list