Issue #1126 duplicate

Boundary condition in readline() in SizeCheckWrapper in wsgiserver3.py


Summary: Bug causes incorrect parsing of headers when they end on a 256-byte boundary, with a simple one-character fix.

At the end of the following chunk of code the "\n" needs to be a byte string (b"\n") to be able to match against the byte string in the data variable. This is a new variant of bugs #379 and #421 due to new versions of Python having byte strings not compare equal to regular strings.

Bug is present in release version 3.2.2 of CherryPy... except wsgiserver3.py is missing in the Windows download as mentioned in bug #1110.

Source from readline() in SizeCheckWrapper in wsgiserver3.py:



    # User didn't specify a size ...
    # We read the line in chunks to make sure it's not a 100MB line !
    res = []
    while True:
        data = self.rfile.readline(256)
        self.bytes_read += len(data)
        # See http://www.cherrypy.org/ticket/421

        # Please replace this:
        #if len(data) < 256 or data[-1:] == "\n":

        # with this:
        if len(data) < 256 or data[-1:] == b"\n":

            return EMPTY.join(res)


Comments (3)

  1. nikow

    This issue actually means that the CherryPy 3.2.2 server is currently broken under Python 3. Any request where the first line is 256 characters long will fail with a 400 error, since the next line with the HOST information gets lost!

    The fact that this only occurs for specific requests makes this harder to debug, but no less serious. So I changed this to "blocker", especially given that the fix is trivial.

    I'd also suggest to simply replace "\n" with LF (instead of the solution above).
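The boundary condition reported above, reproduced as an added example (not CherryPy's code or code from this issue). `read_line` is a simplified stand-in for the quoted loop with the terminator passed in; `build_request`, `parse_head`, `affected_lengths` and the `example.test` host are constructed for illustration.

```python
import io

CHUNK = 256  # chunk size used by the readline() loop quoted in the issue


def read_line(rfile, newline):
    """Simplified stand-in for the quoted loop; `newline` is the value the last byte is compared to."""
    res = []
    while True:
        data = rfile.readline(CHUNK)
        res.append(data)
        # On Python 3, bytes == str is always False, so a str terminator never matches.
        if len(data) < CHUNK or data[-1:] == newline:
            return b"".join(res)


def build_request(first_line_len):
    """Constructed request whose first line is exactly first_line_len bytes, CRLF included."""
    prefix, suffix = b"GET /", b" HTTP/1.1\r\n"
    pad = first_line_len - len(prefix) - len(suffix)
    return prefix + b"a" * pad + suffix + b"Host: example.test\r\n\r\n"


def parse_head(request, newline):
    """Return (request_line, next_line) as the header parser would receive them."""
    rfile = io.BytesIO(request)
    return read_line(rfile, newline), read_line(rfile, newline)


def affected_lengths(lo, hi):
    """First-line lengths in [lo, hi) where the str comparison changes the parse."""
    return [n for n in range(lo, hi)
            if parse_head(build_request(n), "\n") != parse_head(build_request(n), b"\n")]


if __name__ == "__main__":
    for label, newline in (('"\\n"', "\n"), ('b"\\n"', b"\n")):
        line, nxt = parse_head(build_request(256), newline)
        print(label, "request line bytes:", len(line), "next line:", nxt)
    print("affected first-line lengths:", affected_lengths(200, 600))
```

With the str terminator the Host line is appended to the request line and the next line read is the blank end-of-headers line. The scan shows the same happens at every multiple of 256, not only at 256 itself.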
