Message 206294 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Lukasa
Recipients	Lukasa
Date	2013-12-16.11:55:44
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1387194945.4.0.440069571587.issue19996@psf.upfronthosting.co.za>
In-reply-to

Content
Initially spotted on Requests GitHub bugtracker: https://github.com/kennethreitz/requests/issues/1804 On receiving an HTTP response with an invalid header, httplib stops parsing the headers and attempts to receive the rest of the message as body content. Normally that would be fine, but problems occur if later on in the headers "Transfer-Encoding: chunked" is declared. This leads to a hang while reading the body content until the remote end forcibly closes the connection. This bug certainly affects versions 2.7 through 3.3. To reproduce (note that we need to request gzip to get the server to send the bad header): import http.client h = http.client.HTTPConnection('www.sainsburysbank.co.uk') h.request('GET', '/', headers={'Accept-Encoding': 'gzip'}) r = h.getresponse() hdrs = r.getheaders() body = r.read() # Hang here. cURL configured equivalently doesn't exhibit this problem, that is the following works fine: curl --compressed http://www.sainsburysbank.co.uk/ It's not clear to me that this behaviour is wrong. The server is definitely violating RFC 2616 which expressly forbids empty header names. I'm open to consultation about what the correct fix should be here (which may be nothing at all).

Initially spotted on Requests GitHub bugtracker: https://github.com/kennethreitz/requests/issues/1804

On receiving an HTTP response with an invalid header, httplib stops parsing the headers and attempts to receive the rest of the message as body content. Normally that would be fine, but problems occur if later on in the headers "Transfer-Encoding: chunked" is declared. This leads to a hang while reading the body content until the remote end forcibly closes the connection.

This bug certainly affects versions 2.7 through 3.3.

To reproduce (note that we need to request gzip to get the server to send the bad header):

    import http.client
    h = http.client.HTTPConnection('www.sainsburysbank.co.uk')
    h.request('GET', '/', headers={'Accept-Encoding': 'gzip'})
    r = h.getresponse()
    hdrs = r.getheaders()
    body = r.read()  # Hang here.

cURL configured equivalently doesn't exhibit this problem, that is the following works fine:

curl --compressed http://www.sainsburysbank.co.uk/


It's not clear to me that this behaviour is wrong. The server is definitely violating RFC 2616 which expressly forbids empty header names. I'm open to consultation about what the correct fix should be here (which may be nothing at all).

History
Date	User	Action	Args
2013-12-16 11:55:45	Lukasa	set	recipients: + Lukasa
2013-12-16 11:55:45	Lukasa	set	messageid: <1387194945.4.0.440069571587.issue19996@psf.upfronthosting.co.za>
2013-12-16 11:55:45	Lukasa	link	issue19996 messages
2013-12-16 11:55:44	Lukasa	create