From fa94f705293f2cfb083676324a1fec1dcca095f8 Mon Sep 17 00:00:00 2001 From: Jason Myers Date: Tue, 30 May 2023 20:42:13 -0500 Subject: [PATCH] Updating Content-Length Handling Signed-off-by: Jason Myers --- gunicorn/http/message.py | 5 ++++- tests/requests/invalid/022.http | 3 +++ tests/requests/invalid/022.py | 5 +++++ tests/requests/invalid/023.http | 3 +++ tests/requests/invalid/023.py | 5 +++++ tests/requests/invalid/024.http | 3 +++ tests/requests/invalid/024.py | 5 +++++ 7 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 tests/requests/invalid/022.http create mode 100644 tests/requests/invalid/022.py create mode 100644 tests/requests/invalid/023.http create mode 100644 tests/requests/invalid/023.py create mode 100644 tests/requests/invalid/024.http create mode 100644 tests/requests/invalid/024.py diff --git a/gunicorn/http/message.py b/gunicorn/http/message.py index 64b2060c..1f93c714 100644 --- a/gunicorn/http/message.py +++ b/gunicorn/http/message.py @@ -139,7 +139,10 @@ class Message(object): self.body = Body(ChunkedReader(self, self.unreader)) elif content_length is not None: try: - content_length = int(content_length) + if str(content_length).isnumeric(): + content_length = int(content_length) + else: + raise InvalidHeader("CONTENT-LENGTH", req=self) except ValueError: raise InvalidHeader("CONTENT-LENGTH", req=self) diff --git a/tests/requests/invalid/022.http b/tests/requests/invalid/022.http new file mode 100644 index 00000000..521c7a06 --- /dev/null +++ b/tests/requests/invalid/022.http @@ -0,0 +1,3 @@ +GET /first HTTP/1.0\r\n +Content-Length: -0\r\n +\r\n \ No newline at end of file diff --git a/tests/requests/invalid/022.py b/tests/requests/invalid/022.py new file mode 100644 index 00000000..95b0581a --- /dev/null +++ b/tests/requests/invalid/022.py @@ -0,0 +1,5 @@ +from gunicorn.config import Config +from gunicorn.http.errors import InvalidHeader + +cfg = Config() +request = InvalidHeader diff --git a/tests/requests/invalid/023.http b/tests/requests/invalid/023.http new file mode 100644 index 00000000..c672f789 --- /dev/null +++ b/tests/requests/invalid/023.http @@ -0,0 +1,3 @@ +GET /first HTTP/1.0\r\n +Content-Length: 0_1\r\n +\r\n \ No newline at end of file diff --git a/tests/requests/invalid/023.py b/tests/requests/invalid/023.py new file mode 100644 index 00000000..95b0581a --- /dev/null +++ b/tests/requests/invalid/023.py @@ -0,0 +1,5 @@ +from gunicorn.config import Config +from gunicorn.http.errors import InvalidHeader + +cfg = Config() +request = InvalidHeader diff --git a/tests/requests/invalid/024.http b/tests/requests/invalid/024.http new file mode 100644 index 00000000..31c062fa --- /dev/null +++ b/tests/requests/invalid/024.http @@ -0,0 +1,3 @@ +GET /first HTTP/1.0\r\n +Content-Length: +1\r\n +\r\n \ No newline at end of file diff --git a/tests/requests/invalid/024.py b/tests/requests/invalid/024.py new file mode 100644 index 00000000..95b0581a --- /dev/null +++ b/tests/requests/invalid/024.py @@ -0,0 +1,5 @@ +from gunicorn.config import Config +from gunicorn.http.errors import InvalidHeader + +cfg = Config() +request = InvalidHeader