Gunicorn fails with a 500, instead of a 400, when a request path is a malformed IPv6 address #1023

Closed
alex opened this issue May 9, 2015 · 2 comments · Fixed by #1024

@alex
Contributor

alex commented May 9, 2015

Request:

~/.v/tempenv-701523535780 $ telnet localhost 8000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
PUT ///]ufd/: HTTP/1.1
HTTP/1.1 500 Internal Server Error
Connection: close
Content-Type: text/html
Content-Length: 141

<html>
  <head>
    <title>Internal Server Error</title>
  </head>
  <body>
    <h1><p>Internal Server Error</p></h1>

  </body>
</html>
Connection closed by foreign host.

Server:

(tempenv-027621611529f) ~/.v/tempenv-701523535780 $ gunicorn w:f
[2015-05-09 11:53:50 -0400] [75550] [INFO] Starting gunicorn 19.3.0
[2015-05-09 11:53:50 -0400] [75550] [INFO] Listening at: http://127.0.0.1:8000 (75550)
[2015-05-09 11:53:50 -0400] [75550] [INFO] Using worker: sync
[2015-05-09 11:53:50 -0400] [75567] [INFO] Booting worker with pid: 75567
[2015-05-09 11:54:44 -0400] [75567] [ERROR] Error handling request
Traceback (most recent call last):
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 129, in handle
    req = six.next(parser)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/parser.py", line 41, in __next__
    self.mesg = self.mesg_class(self.cfg, self.unreader, self.req_count)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 153, in __init__
    super(Request, self).__init__(cfg, unreader)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 53, in __init__
    unused = self.parse(self.unreader)
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 177, in parse
    self.parse_request_line(bytes_to_str(line))
  File "/Users/alex_gaynor/.virtualenvs/tempenv-027621611529f/lib/python2.7/site-packages/gunicorn/http/message.py", line 326, in parse_request_line
    parts = urlsplit(self.uri)
  File "/Users/alex_gaynor/.pyenv/versions/2.7.9/lib/python2.7/urlparse.py", line 214, in urlsplit
    raise ValueError("Invalid IPv6 URL")
ValueError: Invalid IPv6 URL

This should result in a 400 bad request, not a 500.

(This was found using the AFL fuzzer)

@berkerpeksag
Collaborator

Thanks for the report! PR #1024 should fix this.

PUT ///]ufd/: HTTP/1.1
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/html
Content-Length: 195

<html>
  <head>
    <title>Bad Request</title>
  </head>
  <body>
    <h1><p>Bad Request</p></h1>
    Invalid Request Line 'Invalid HTTP request line: 'PUT ///]ufd/: HTTP/1.1''
  </body>
</html>
Connection closed by foreign host.

@alex
Contributor Author

alex commented May 9, 2015

cool!
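
An added example, not part of the thread and not gunicorn's own code: a minimal request-line parser that turns the `ValueError` raised by `urlsplit` for an unbalanced bracket in the host part into a parse error answered with 400 rather than 500. The names `BadRequest`, `parse_request_line`, `handle` and the leading-slash handling are assumptions made for this illustration, and the sample request lines other than the reported one are constructed.

```python
from urllib.parse import urlsplit


class BadRequest(Exception):
    """Hypothetical parse error that the server layer answers with a 400."""


def parse_request_line(line):
    """Split 'METHOD target HTTP/x.y' and return (method, path, query)."""
    bits = line.split(None, 2)
    if len(bits) != 3:
        raise BadRequest("Invalid HTTP request line: %r" % line)
    method, target, _version = bits
    # Assumption: one leading slash is dropped from targets starting with
    # "//", so "///]ufd/:" reaches urlsplit() as "//]ufd/:" and "]ufd" is
    # treated as the host part.
    uri = target[1:] if target.startswith("//") else target
    try:
        parts = urlsplit(uri)
    except ValueError as exc:
        # urlsplit() reports an unbalanced "[" or "]" in the host part with
        # a plain ValueError; re-raise it as a client error.
        raise BadRequest("Invalid HTTP request line: %r" % line) from exc
    return method.upper(), parts.path, parts.query


def handle(line):
    """Return the status code a minimal server loop would send for `line`."""
    try:
        parse_request_line(line)
    except BadRequest:
        return 400  # malformed input from the client
    except Exception:
        return 500  # anything else is a server-side bug
    return 200


# Sample request lines: the first is the one from the report, the rest are
# constructed for this example.
SAMPLES = [
    "PUT ///]ufd/: HTTP/1.1",
    "GET http://[::1/index HTTP/1.1",
    "GET /index?x=1 HTTP/1.1",
    "GET /index",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(handle(sample), repr(sample))
```

Without the `try`/`except ValueError` around `urlsplit`, the first two samples would fall through to the generic handler and produce 500, which is the behaviour reported above.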
