Waitress incorrectly calculates header_bytes_received when headers are sent in more than one chunk. The issue is related to the following code in parser.py:
```python
if index >= 0:
    # If the headers have ended, and we also have part of the body
    # message in data we still want to validate we aren't going
    # over our limit for received headers.
    self.header_bytes_received += index
    consumed = datalen - (len(s) - index)
else:
    self.header_bytes_received += datalen
    consumed = datalen
```
The length of data from the first chunk to chunk n - 1 (n is the last) is added to header_bytes_received, and when the end of headers is finally found in the last chunk, header_bytes_received is incremented by the size of all headers. This means that the length of chunks 1 to n - 1 is counted twice in header_bytes_received.
I think that if the end of headers is found, header_bytes_received should be set to the position of the end of headers (index).
To reproduce this issue, the following code can be used.
Server:
Currently this code produces 431 HTTP error when it should work because sent headers are smaller than 200 (161 bytes)

```
HTTP/1.0 431 Request Header Fields Too Large
Connection: close
Content-Length: 91
Content-Type: text/plain
Date: Tue, 22 Mar 2022 12:01:39 GMT
Server: waitress

Request Header Fields Too Large
exceeds max_header of 200
(generated by waitress)
```
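The double counting described in this issue can be checked with a simplified model of the accounting. This is an added example, not waitress's code and not the reporter's reproduction script. The names `end_of_headers`, `count_header_bytes` and `over_limit`, the constructed 161-byte request, the chunk boundaries, and the `>=` limit comparison are assumptions made for illustration.

```python
MAX_HEADER = 200  # limit reported in the 431 response on this page

# Constructed request, sized to the 161 bytes mentioned in the issue.
REQUEST = (b"GET / HTTP/1.1\r\nHost: localhost\r\nX-Padding: "
           + b"a" * 113 + b"\r\n\r\n")


def end_of_headers(s):
    """Offset just past the blank line that ends the headers, or -1."""
    pos = s.find(b"\r\n\r\n")
    return pos + 4 if pos >= 0 else -1


def count_header_bytes(chunks, fixed):
    """Return the final header byte counter after feeding chunks in order.

    fixed=False mirrors the accounting quoted in the issue;
    fixed=True applies the reporter's proposal (counter = index).
    """
    buffered = b""  # header bytes kept from earlier chunks
    received = 0    # stands in for header_bytes_received
    for data in chunks:
        s = buffered + data
        index = end_of_headers(s)
        if index >= 0:
            # index is measured over the whole buffer s, so it already
            # includes every earlier chunk that was added to the counter.
            return index if fixed else received + index
        received += len(data)
        buffered = s
    return received


def over_limit(count):
    """Assumed comparison against the limit (operator is an assumption)."""
    return count >= MAX_HEADER


if __name__ == "__main__":
    two_chunks = [REQUEST[:100], REQUEST[100:]]
    for label, chunks in (("one chunk", [REQUEST]), ("two chunks", two_chunks)):
        for fixed in (False, True):
            n = count_header_bytes(chunks, fixed)
            print(label, "fixed" if fixed else "original", n, over_limit(n))
```

With the original accounting, the same 161 bytes are counted as 261 when split 100/61, which crosses the 200-byte limit; delivered in one chunk they are counted as 161.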