Author Lukasa
Recipients Lukasa
Date 2013-12-16.11:55:44
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1387194945.4.0.440069571587.issue19996@psf.upfronthosting.co.za>
In-reply-to
Content
Initially spotted on Requests GitHub bugtracker: https://github.com/kennethreitz/requests/issues/1804

On receiving an HTTP response with an invalid header, httplib stops parsing the headers and attempts to receive the rest of the message as body content. Normally that would be fine, but problems occur if later on in the headers "Transfer-Encoding: chunked" is declared. This leads to a hang while reading the body content until the remote end forcibly closes the connection.

This bug certainly affects versions 2.7 through 3.3.

To reproduce (note that we need to request gzip to get the server to send the bad header):

    import http.client
    h = http.client.HTTPConnection('www.sainsburysbank.co.uk')
    h.request('GET', '/', headers={'Accept-Encoding': 'gzip'})
    r = h.getresponse()
    hdrs = r.getheaders()
    body = r.read()  # Hang here.

cURL configured equivalently doesn't exhibit this problem, that is the following works fine:

curl --compressed http://www.sainsburysbank.co.uk/


It's not clear to me that this behaviour is wrong. The server is definitely violating RFC 2616 which expressly forbids empty header names. I'm open to consultation about what the correct fix should be here (which may be nothing at all).
History
Date User Action Args
2013-12-16 11:55:45Lukasasetrecipients: + Lukasa
2013-12-16 11:55:45Lukasasetmessageid: <1387194945.4.0.440069571587.issue19996@psf.upfronthosting.co.za>
2013-12-16 11:55:45Lukasalinkissue19996 messages
2013-12-16 11:55:44Lukasacreate