Improper parsing of Content-Length #2977

Closed
kenballus opened this issue May 5, 2023 · 1 comment · Fixed by #3003

Comments

@kenballus
Contributor

Description

gunicorn currently parses Content-Length using int. This causes problems because int accepts a lot more than should be acceptable in that content. The biggest problem characters are '-', '+', and '_'.

Examples

HTTP requests in which gunicorn misinterprets content-length (assume all newlines are CRLF):

Underscore between digits

GET / HTTP/1.1
Connection: close
Host: whatever
Content-Length: 0_1


Plus sign prefix

GET / HTTP/1.1
Connection: close
Host: whatever
Content-Length: +1


Minus sign prefix (only works for 0)

GET / HTTP/1.1
Connection: close
Host: whatever
Content-Length: -0


Solution

The set of things you want to accept in a Content-Length header is not equal to the set of things that can get through int without error. During Content-Length parsing, check that the value is all ASCII digits.

Versions

CPython version: 3.10.11
Gunicorn version: 20.1.0
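
An added example (not gunicorn's code and not the fix from #3003) that compares int-based parsing, as the issue describes it, with an ASCII-digits-only check. It goes beyond the three cases above to leading whitespace and non-ASCII digits, which int() also accepts; the function names, sample values, the MAX_DIGITS bound and the rejection of negative results in the lenient parser (inferred from "only works for 0") are assumptions.

```python
import re

# Content-Length is 1*DIGIT in the HTTP grammar: ASCII 0-9 only.
# [0-9] is used instead of \d because \d also matches non-ASCII digits.
_DIGITS = re.compile(r"[0-9]+")
MAX_DIGITS = 18  # assumed bound; also keeps int() away from huge inputs


def lenient_content_length(value):
    """Model of the reported behaviour: accept whatever int() accepts."""
    try:
        n = int(value)
    except ValueError:
        return None
    return n if n >= 0 else None  # assumed: negative lengths are refused


def strict_content_length(value):
    """Accept only a bounded run of ASCII digits; None means 'reject'."""
    if len(value) > MAX_DIGITS or _DIGITS.fullmatch(value) is None:
        return None
    return int(value)


def audit(values):
    """Return (value, lenient, strict) rows where the two parsers disagree."""
    rows = []
    for v in values:
        a, b = lenient_content_length(v), strict_content_length(v)
        if a != b:
            rows.append((v, a, b))
    return rows


# Constructed sample values: the three from the issue plus other int() quirks.
SAMPLES = ["0", "42", "0_1", "+1", "-0", "-1", " 7", "\u0661\u0662", "1e3", ""]

if __name__ == "__main__":
    for v, a, b in audit(SAMPLES):
        print(f"{v!r:10} int-based={a!r:5} strict={b!r}")
```

Every row audit() returns is a value that an int-based parser turns into a length while a parser following the grammar rejects the request, which is the disagreement the issue asks to remove.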

@benoitc benoitc added this to the 21.0 release milestone May 7, 2023
@jasonamyers
Contributor

@benoitc I took a shot at this in the attached PR.
