You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There's at least one code path that throws an IOError when receiving a truncated POST request. It happens when using chunked encoding and one of the chunks is truncated.
I will implement the suggested behaviour (raising IOError) - unless Denis objects.
Denis?
maluke said, at 2011-10-14T21:23:15.000Z:
You can just borrow code from webob.
Denis.Bilenko said, at 2011-10-15T05:08:39.000Z:
I think raising IOError on truncated POST request is fine.
schmir said, at 2011-10-26T21:17:18.000Z:
IOErrors are now being raised by the Input class on truncated requests...
The text was updated successfully, but these errors were encountered:
What steps will reproduce the problem?
What is the expected output?
There should be some kind of exception or treatment that makes the app aware of the fact that the request is malformed.
What do you see instead?
Absolutely no warning from gevent.
Infinite loop when the app tries to read wsgi.input according to CONTENT_LENGTH
What version of the gevent are you using?
gevent-0.13.6
What version of libevent are you using?
On what operating system?
Debian and Ubuntu (GNU/Linux)
On what Python?
tested with 2.6 and 2.7
Notes:
The test app may look naive, but actually reproduces the behavior of many web frameworks.
There should be an exception that lets the app know that the POST or PUT request is malformed. This is a serious security issue.
Reported by bezverky.
earlier comments
schmir said, at 2011-10-14T21:20:48.000Z:
There's at least one code path that throws an IOError when receiving a truncated POST request. It happens when using chunked encoding and one of the chunks is truncated. I will implement the suggested behaviour (raising IOError) - unless Denis objects.
Denis?
maluke said, at 2011-10-14T21:23:15.000Z:
You can just borrow code from webob.
Denis.Bilenko said, at 2011-10-15T05:08:39.000Z:
I think raising IOError on truncated POST request is fine.
schmir said, at 2011-10-26T21:17:18.000Z:
IOErrors are now being raised by the Input class on truncated requests...
The text was updated successfully, but these errors were encountered: