Gunicorn fails with a 500, instead of a 400, when a request path is a malformed IPv6 address #1023

Closed
alex opened this Issue May 9, 2015 · 2 comments

Contributor

alex commented May 9, 2015

Request:

~/.v/tempenv-701523535780 $ telnet localhost 8000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
PUT ///]ufd/: HTTP/1.1
HTTP/1.1 500 Internal Server Error
Connection: close
Content-Type: text/html
Content-Length: 141

<html>
  <head>
    <title>Internal Server Error</title>
  </head>
  <body>
    <h1><p>Internal Server Error</p></h1>

  </body>
</html>
Connection closed by foreign host.

Server:

(tempenv-027621611529f) ~/.v/tempenv-701523535780 $ gunicorn w:f
[2015-05-09 11:53:50 -0400] [75550] [INFO] Starting gunicorn 19.3.0
[2015-05-09 11:53:50 -0400] [75550] [INFO] Listening at: http://127.0.0.1:8000 (75550)
[2015-05-09 11:53:50 -0400] [75550] [INFO] Using worker: sync
[2015-05-09 11:53:50 -0400] [75567] [INFO] Booting worker with pid: 75567
[2015-05-09 11:54:44 -0400] [75567] [ERROR] Error handling request
Traceback (most recent call last):
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 129, in handle
    req = six.next(parser)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/parser.py", line 41, in __next__
    self.mesg = self.mesg_class(self.cfg, self.unreader, self.req_count)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 153, in __init__
    super(Request, self).__init__(cfg, unreader)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 53, in __init__
    unused = self.parse(self.unreader)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 177, in parse
    self.parse_request_line(bytes_to_str(line))
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 326, in parse_request_line
    parts = urlsplit(self.uri)
  File "/Users/alex_gaynor/.pyenv/versions/2.7.9/lib/python2.7/urlparse.py", line 214, in urlsplit
    raise ValueError("Invalid IPv6 URL")
ValueError: Invalid IPv6 URL

This should result in a 400 bad request, not a 500.

(This was found using the AFL fuzzer)

Collaborator

berkerpeksag commented May 9, 2015

Thanks for the report! PR #1024 should fix this.

PUT ///]ufd/: HTTP/1.1
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 195

<html>
  <head>
    <title>Bad Request</title>
  </head>
  <body>
    <h1><p>Bad Request</p></h1>
    Invalid Request Line 'Invalid HTTP request line: 'PUT ///]ufd/: HTTP/1.1''
  </body>
</html>
Connection closed by foreign host.

Contributor

alex commented May 9, 2015

cool!

berkerpeksag added a commit to berkerpeksag/gunicorn that referenced this issue May 9, 2015
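
The failure mode reported in this issue and the general shape of a fix, as an added example that is not gunicorn's code or the patch in PR #1024: `urlsplit` raises `ValueError` on an unbalanced bracket in the authority part of a URI, and the request-line parser either lets it escape (500) or converts it into a client error (400). All function and class names here are hypothetical, and the sample request lines are constructed.

```python
from urllib.parse import urlsplit


class InvalidRequestLine(Exception):
    """Hypothetical error type: the client sent an unparsable request line."""


def split_request_line(line):
    # "METHOD URI VERSION" -> three whitespace-separated fields
    bits = line.split(None, 2)
    if len(bits) != 3:
        raise InvalidRequestLine(line)
    return bits


def parse_unguarded(line):
    """Behaviour in the report: urlsplit's ValueError escapes the parser."""
    method, uri, version = split_request_line(line)
    parts = urlsplit(uri)  # raises ValueError("Invalid IPv6 URL") on "//]host"
    return method, parts.path, parts.query, version


def parse_guarded(line):
    """Hardened form: a URI the library rejects is the client's error."""
    method, uri, version = split_request_line(line)
    try:
        parts = urlsplit(uri)
    except ValueError:
        raise InvalidRequestLine(line) from None
    return method, parts.path, parts.query, version


def status_for(parser, line):
    """Model of a worker's error mapping: known parse errors -> 400, rest -> 500."""
    try:
        parser(line)
    except InvalidRequestLine:
        return 400
    except Exception:
        return 500
    return 200


if __name__ == "__main__":
    # Constructed request lines with unbalanced brackets, plus one valid line.
    for sample in ("PUT //]ufd/: HTTP/1.1", "GET http://[::1/ HTTP/1.1",
                   "GET /index.html?q=1 HTTP/1.1"):
        print(repr(sample), status_for(parse_unguarded, sample),
              status_for(parse_guarded, sample))
```

The same pattern applies to any exception a standard-library parser can raise on attacker-controlled input: catch it at the parsing boundary so it is reported as a 4xx rather than logged as a server fault.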

