Commit32233d6

miss-islington

and

picnixz

authored

[3.14]gh-70765: avoid waiting for HTTP headers when parsing HTTP/0.9 requests (GH-139514) (#139600)

(cherry picked from commit13dc2fd)(cherry picked from commit1fe89d3)Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>

1 parent297157d commit32233d6Copy full SHA for 32233d6

File tree

3 files changed

+51

-0

lines changed

Lib
- http
  - server.py
- test
  - test_httpservers.py
Misc/NEWS.d/next/Library
- 2025-10-02-17-40-10.gh-issue-70765.zVlLZn.rst

3 files changed

+51

-0

lines changed

`‎Lib/http/server.py‎`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -324,6 +324,7 @@ def parse_request(self):`
`324`	`324`	`error response has already been sent back.`
`325`	`325`
`326`	`326`	`"""`
	`327`	`+is_http_0_9=False`
`327`	`328`	`self.command=None# set in case of error on the first line`
`328`	`329`	`self.request_version=version=self.default_request_version`
`329`	`330`	`self.close_connection=True`
`@@ -381,6 +382,7 @@ def parse_request(self):`
`381`	`382`	`HTTPStatus.BAD_REQUEST,`
`382`	`383`	`"Bad HTTP/0.9 request type (%r)"%command)`
`383`	`384`	`returnFalse`
	`385`	`+is_http_0_9=True`
`384`	`386`	`self.command,self.path=command,path`
`385`	`387`
`386`	`388`	`# gh-87389: The purpose of replacing '//' with '/' is to protect`
`@@ -390,6 +392,11 @@ def parse_request(self):`
`390`	`392`	`ifself.path.startswith('//'):`
`391`	`393`	`self.path='/'+self.path.lstrip('/')# Reduce to a single /`
`392`	`394`
	`395`	`+# For HTTP/0.9, headers are not expected at all.`
	`396`	`+ifis_http_0_9:`
	`397`	`+self.headers= {}`
	`398`	`+returnTrue`
	`399`	`+`
`393`	`400`	`# Examine the headers and look for a Connection directive.`
`394`	`401`	`try:`
`395`	`402`	`self.headers=http.client.parse_headers(self.rfile,`

`‎Lib/test/test_httpservers.py‎`

Lines changed: 39 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`SimpleHTTPRequestHandler,CGIHTTPRequestHandler`
`9`	`9`	`fromhttpimportserver,HTTPStatus`
`10`	`10`
	`11`	`+importcontextlib`
`11`	`12`	`importos`
`12`	`13`	`importsocket`
`13`	`14`	`importsys`
`@@ -359,6 +360,44 @@ def test_head_via_send_error(self):`
`359`	`360`	`self.assertEqual(b'',data)`
`360`	`361`
`361`	`362`
	`363`	`+classHTTP09ServerTestCase(BaseTestCase):`
	`364`	`+`
	`365`	`+classrequest_handler(NoLogRequestHandler,BaseHTTPRequestHandler):`
	`366`	`+"""Request handler for HTTP/0.9 server."""`
	`367`	`+`
	`368`	`+defdo_GET(self):`
	`369`	`+self.wfile.write(f'OK: here is{self.path}\r\n'.encode())`
	`370`	`+`
	`371`	`+defsetUp(self):`
	`372`	`+super().setUp()`
	`373`	`+self.sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)`
	`374`	`+self.sock=self.enterContext(self.sock)`
	`375`	`+self.sock.connect((self.HOST,self.PORT))`
	`376`	`+`
	`377`	`+deftest_simple_get(self):`
	`378`	`+self.sock.send(b'GET /index.html\r\n')`
	`379`	`+res=self.sock.recv(1024)`
	`380`	`+self.assertEqual(res,b"OK: here is /index.html\r\n")`
	`381`	`+`
	`382`	`+deftest_invalid_request(self):`
	`383`	`+self.sock.send(b'POST /index.html\r\n')`
	`384`	`+res=self.sock.recv(1024)`
	`385`	`+self.assertIn(b"Bad HTTP/0.9 request type ('POST')",res)`
	`386`	`+`
	`387`	`+deftest_single_request(self):`
	`388`	`+self.sock.send(b'GET /foo.html\r\n')`
	`389`	`+res=self.sock.recv(1024)`
	`390`	`+self.assertEqual(res,b"OK: here is /foo.html\r\n")`
	`391`	`+`
	`392`	`+# Ignore errors if the connection is already closed,`
	`393`	`+# as this is the expected behavior of HTTP/0.9.`
	`394`	`+withcontextlib.suppress(OSError):`
	`395`	`+self.sock.send(b'GET /bar.html\r\n')`
	`396`	`+res=self.sock.recv(1024)`
	`397`	`+# The server should not process our request.`
	`398`	`+self.assertEqual(res,b'')`
	`399`	`+`
	`400`	`+`
`362`	`401`	`defcertdata_file(*path):`
`363`	`402`	`returnos.path.join(os.path.dirname(__file__),"certdata",*path)`
`364`	`403`

`‎Misc/NEWS.d/next/Library/2025-10-02-17-40-10.gh-issue-70765.zVlLZn.rst‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,5 @@`
	`1`	+:mod:`http.server`: fix default handling of HTTP/0.9 requests in
	`2`	+:class:`~http.server.BaseHTTPRequestHandler`. Previously,
	`3`	+:meth:`!BaseHTTPRequestHandler.parse_request`` incorrectly
	`4`	`+waited for headers in the request although those are not`
	`5`	`+supported in HTTP/0.9. Patch by Bénédikt Tran.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit32233d6

File tree

3 files changed

3 files changed

`‎Lib/http/server.py‎`

`‎Lib/test/test_httpservers.py‎`

`‎Misc/NEWS.d/next/Library/2025-10-02-17-40-10.gh-issue-70765.zVlLZn.rst‎`

0 commit comments