From a3d130ae5144bc6e8c8099039982269ca2477b2e Mon Sep 17 00:00:00 2001 From: "Paul J. Dorn" Date: Wed, 31 Jul 2024 18:32:02 +0200 Subject: [PATCH 1/2] gracefully handle chunked encoding missing size Treat it the same as invalid characters where size should be. --- gunicorn/http/body.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gunicorn/http/body.py b/gunicorn/http/body.py index 78f03214..3de84c7c 100644 --- a/gunicorn/http/body.py +++ b/gunicorn/http/body.py @@ -91,6 +91,8 @@ class ChunkedReader(object): chunk_size = chunk_size.rstrip(b" \t") if any(n not in b"0123456789abcdefABCDEF" for n in chunk_size): raise InvalidChunkSize(chunk_size) + if len(chunk_size) == 0: + raise InvalidChunkSize(chunk_size) chunk_size = int(chunk_size, 16) if chunk_size == 0: From cabc666277f0d56d4672f2a9626b2b4904fd4af8 Mon Sep 17 00:00:00 2001 From: "Paul J. Dorn" Date: Wed, 31 Jul 2024 19:21:07 +0200 Subject: [PATCH 2/2] chunked encoding: example invalid requests --- tests/requests/invalid/chunked_12.http | 7 +++++++ tests/requests/invalid/chunked_12.py | 2 ++ tests/requests/invalid/chunked_13.http | 7 +++++++ tests/requests/invalid/chunked_13.py | 2 ++ 4 files changed, 18 insertions(+) create mode 100644 tests/requests/invalid/chunked_12.http create mode 100644 tests/requests/invalid/chunked_12.py create mode 100644 tests/requests/invalid/chunked_13.http create mode 100644 tests/requests/invalid/chunked_13.py diff --git a/tests/requests/invalid/chunked_12.http b/tests/requests/invalid/chunked_12.http new file mode 100644 index 00000000..7ef164eb --- /dev/null +++ b/tests/requests/invalid/chunked_12.http @@ -0,0 +1,7 @@ +POST /chunked_no_chunk_size_but_ext HTTP/1.1\r\n +Transfer-Encoding: chunked\r\n +\r\n + ;foo=bar\r\n +hello\r\n +0\r\n +\r\n diff --git a/tests/requests/invalid/chunked_12.py b/tests/requests/invalid/chunked_12.py new file mode 100644 index 00000000..0571e118 --- /dev/null +++ b/tests/requests/invalid/chunked_12.py @@ -0,0 +1,2 @@ +from gunicorn.http.errors import InvalidChunkSize +request = InvalidChunkSize diff --git a/tests/requests/invalid/chunked_13.http b/tests/requests/invalid/chunked_13.http new file mode 100644 index 00000000..6c26ebb8 --- /dev/null +++ b/tests/requests/invalid/chunked_13.http @@ -0,0 +1,7 @@ +POST /chunked_no_chunk_size HTTP/1.1\r\n +Transfer-Encoding: chunked\r\n +\r\n +\r\n +hello\r\n +0\r\n +\r\n diff --git a/tests/requests/invalid/chunked_13.py b/tests/requests/invalid/chunked_13.py new file mode 100644 index 00000000..0571e118 --- /dev/null +++ b/tests/requests/invalid/chunked_13.py @@ -0,0 +1,2 @@ +from gunicorn.http.errors import InvalidChunkSize +request = InvalidChunkSize