[Twisted-Python] Check of command leads to Traceback in http.py

Barry Scott barry.scott at forcepoint.com
Wed Jul 29 10:15:57 MDT 2020


I'm seeing a Traceback in twisted/web/http.py and that lead me to read some of the code.

First question in this code from HTTPChannel.lineReceived() at line 2103 why only
check that the command is ASCII? By spec the whole line must be a subset of ASCII,
is there a good reason to not check that the request and version are ASCII?

We see requests where the first line is binary data in production.

            parts = line.split()
            if len(parts) != 3:
                self._respondToBadRequestAndDisconnect()
                return
            command, request, version = parts
            try:
                command.decode("ascii")
            except UnicodeDecodeError:
                self._respondToBadRequestAndDisconnect()
                return

If the code calls self._respondToBadRequestAndDisconnect()
It does not set self._version.

Next there is a call to lineReceived('') and the code Tracebacks when it
access self._version in this code at line 2293:

    def allHeadersReceived(self):
        req = self.requests[-1]
        req.parseCookies()
        self.persistent = self.checkPersistence(req, self._version)

Does this look wrong to you?

Also why do you del self._version as an idiom and not set it to None?

Barry





More information about the Twisted-Python mailing list