[CherryPy] #941: a broken HTTP header from IE7 triggers a python error
0 views
Skip to first unread message
CherryPy
Jul 2, 2009, 3:08:14 PM7/2/09
to cherrypy...@googlegroups.com
#941: a broken HTTP header from IE7 triggers a python error
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: new
Priority: normal | Milestone:
Component: wsgiserver | Keywords:
------------------------+---------------------------------------------------
A page refresh in IE7 (version number 7.0.6001) behind an ISP proxy in
Singapore has a header with a malformed line: "Re, 1.2.3.4#015#012" where
1.2.3.4 is the client IP. This breaks the multiple assignment in
HTTPRequest.read_headers():
k, v = line.split(":", 1)
since it's trying to assign a list with one item to 2 variables. The
cryptic error is "ValueError: need more than 1 value to unpack". My
solution is to enclose the problem code in a 'try' block and issue a
'continue' on failure.
--
Ticket URL: <http://www.cherrypy.org/ticket/941>
CherryPy <http://www.cherrypy.org>
CherryPy - a pythonic, object-oriented HTTP framework
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: new
Priority: normal | Milestone:
Component: wsgiserver | Keywords:
------------------------+---------------------------------------------------
A page refresh in IE7 (version number 7.0.6001) behind an ISP proxy in
Singapore has a header with a malformed line: "Re, 1.2.3.4#015#012" where
1.2.3.4 is the client IP. This breaks the multiple assignment in
HTTPRequest.read_headers():
k, v = line.split(":", 1)
since it's trying to assign a list with one item to 2 variables. The
cryptic error is "ValueError: need more than 1 value to unpack". My
solution is to enclose the problem code in a 'try' block and issue a
'continue' on failure.
--
Ticket URL: <http://www.cherrypy.org/ticket/941>
CherryPy <http://www.cherrypy.org>
CherryPy - a pythonic, object-oriented HTTP framework
CherryPy
Jul 2, 2009, 3:58:33 PM7/2/09
to cherrypy...@googlegroups.com
#941: a broken HTTP header from IE7 triggers a python error
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: new
Priority: normal | Milestone:
Component: wsgiserver | Resolution:
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: new
Priority: normal | Milestone:
Keywords: |
------------------------+---------------------------------------------------
Changes (by guest):
* cc: => stefant...@yahoo.com
CherryPy
Jul 4, 2009, 1:52:20 PM7/4/09
to cherrypy...@googlegroups.com
#941: a broken HTTP header from IE7 triggers a python error
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: new
Priority: normal | Milestone: 3.2
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: new
Component: wsgiserver | Resolution:
Keywords: |
------------------------+---------------------------------------------------
Changes (by fumanchu):
Keywords: |
------------------------+---------------------------------------------------
* milestone: => 3.2
Old description:
> A page refresh in IE7 (version number 7.0.6001) behind an ISP proxy in
> Singapore has a header with a malformed line: "Re, 1.2.3.4#015#012" where
> 1.2.3.4 is the client IP. This breaks the multiple assignment in
> HTTPRequest.read_headers():
>
> k, v = line.split(":", 1)
>
> since it's trying to assign a list with one item to 2 variables. The
> cryptic error is "ValueError: need more than 1 value to unpack". My
> solution is to enclose the problem code in a 'try' block and issue a
> 'continue' on failure.
A page refresh in IE7 (version number 7.0.6001) behind an ISP proxy in
Singapore has a header with a malformed line: "`Re, 1.2.3.4#015#012`"
where 1.2.3.4 is the client IP. This breaks the multiple assignment in
HTTPRequest.read_headers():
#!python
CherryPy
Aug 5, 2009, 12:20:30 AM8/5/09
to cherrypy...@googlegroups.com
#941: a broken HTTP header from IE7 triggers a python error
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: closed
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution: wontfix
Keywords: |
------------------------+---------------------------------------------------
Changes (by fumanchu):
* resolution: => wontfix
------------------------+---------------------------------------------------
Changes (by fumanchu):
* status: new => closed
Comment:
This is too big a security hole to allow IMO. Cf
http://lists.w3.org/Archives/Public/ietf-http-wg/2009JulSep/0281.html
etcetera.
CherryPy
Aug 5, 2009, 12:30:42 AM8/5/09
to cherrypy...@googlegroups.com
#941: a broken HTTP header from IE7 triggers a python error
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: closed
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution: wontfix
Keywords: |
------------------------+---------------------------------------------------
Comment (by stefant...@yahoo.com):
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution: wontfix
Keywords: |
------------------------+---------------------------------------------------
The provided link is not relevant. This is a broken header sent by a
browser. It cannot be blamed for a hypothetical cache poisoning in squid.
CherryPy
Aug 5, 2009, 12:54:39 AM8/5/09
to cherrypy...@googlegroups.com
#941: a broken HTTP header from IE7 triggers a python error
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
------------------------+---------------------------------------------------
Reporter: guest | Owner: fumanchu
Type: defect | Status: closed
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution: wontfix
Keywords: |
------------------------+---------------------------------------------------
Comment (by fumanchu):
Priority: normal | Milestone: 3.2
Component: wsgiserver | Resolution: wontfix
Keywords: |
------------------------+---------------------------------------------------
However, we can at least emit a less cryptic error message. [2489] for
trunk and [2490] for python3.
Reply all
Reply to author
Forward
0 new messages