Last Comment Bug 744927 - Snappy Symbolication Server - Invalid Content Length throws exception
: Snappy Symbolication Server - Invalid Content Length throws exception
Status: VERIFIED FIXED
:
Product: Core
Classification: Components
Component: Gecko Profiler (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
:
Mentors:
Depends on:
Blocks: 744126
  Show dependency treegraph
 
Reported: 2012-04-12 13:32 PDT by David Chan [:dchan]
Modified: 2012-04-16 09:49 PDT (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description David Chan [:dchan] 2012-04-12 13:32:05 PDT
Passing a Content-Length that can not be converted to an int results int he server throwing. [1]

STR
1. curl -H "Content-Length: a" -d ""  http://127.0.0.1:8000/

Expected
No Error

----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 63966)
Traceback (most recent call last):
  File "/usr/lib/python2.6/SocketServer.py", line 560, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python2.6/SocketServer.py", line 322, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python2.6/SocketServer.py", line 617, in __init__
    self.handle()
  File "/usr/lib/python2.6/BaseHTTPServer.py", line 329, in handle
    self.handle_one_request()
  File "/usr/lib/python2.6/BaseHTTPServer.py", line 323, in handle_one_request
    method()
  File "symbolicationWebService.py", line 64, in do_POST
    length = int(self.headers["Content-Length"])
ValueError: invalid literal for int() with base 10: 'a'
----------------------------------------


[1] - https://github.com/vdjeric/Snappy-Symbolication-Server/blob/master/symbolicationWebService.py#L64
Comment 1 Vladan Djeric (:vladan) 2012-04-13 17:50:37 PDT
Moved the Content-Length lookup inside the adjacent try block.

Patch with all the sec review fixes:  https://github.com/vdjeric/Snappy-Symbolication-Server/commit/67705706c605984e220f69469a68b455813923f5

Note You need to log in before you can comment on or make changes to this bug.