[Bug #676292] BaseHTTPServer incorrectly parses protocol; fix by Andrew Dalke
authorAndrew M. Kuchling <amk@amk.ca>
Mon, 3 Feb 2003 19:11:18 +0000 (19:11 +0000)
committerAndrew M. Kuchling <amk@amk.ca>
Mon, 3 Feb 2003 19:11:18 +0000 (19:11 +0000)
   * Treat major, minor numbers of HTTP version as separate integers
   * Fix errors if version string is "HTTP/1.2.3" or even simply "BLAH".
   * send_error() checks whether 'self.command' is HEAD.  However, if
     there is an error parsing the first line of the HTTP request,
     self.command has not been set yet; force self.command to be
     initialized to None.

Lib/BaseHTTPServer.py

index 69d417a64404758096044f4bcaa7c7e89412eb24..043f9b284f81c50b6e093a08c2aae37ae12b39c6 100644 (file)
@@ -226,6 +226,7 @@ class BaseHTTPRequestHandler(SocketServer.StreamRequestHandler):
         error is sent back.
 
         """
+        self.command = None  # set in case of error on the first line
         self.request_version = version = "HTTP/0.9" # Default
         self.close_connection = 1
         requestline = self.raw_requestline
@@ -241,15 +242,25 @@ class BaseHTTPRequestHandler(SocketServer.StreamRequestHandler):
                 self.send_error(400, "Bad request version (%s)" % `version`)
                 return False
             try:
-                version_number = float(version.split('/', 1)[1])
-            except ValueError:
+                base_version_number = version.split('/', 1)[1]
+                version_number = base_version_number.split(".")
+                # RFC 2145 section 3.1 says there can be only one "." and
+                #   - major and minor numbers MUST be treated as
+                #      separate integers;
+                #   - HTTP/2.4 is a lower version than HTTP/2.13, which in
+                #      turn is lower than HTTP/12.3;
+                #   - Leading zeros MUST be ignored by recipients.
+                if len(version_number) != 2:
+                    raise ValueError
+                version_number = int(version_number[0]), int(version_number[1])
+            except (ValueError, IndexError):
                 self.send_error(400, "Bad request version (%s)" % `version`)
                 return False
-            if version_number >= 1.1 and self.protocol_version >= "HTTP/1.1":
+            if version_number >= (1, 1) and self.protocol_version >= "HTTP/1.1":
                 self.close_connection = 0
-            if version_number >= 2.0:
+            if version_number >= (2, 0):
                 self.send_error(505,
-                                "Invalid HTTP Version (%f)" % version_number)
+                          "Invalid HTTP Version (%s)" % base_version_number)
                 return False
         elif len(words) == 2:
             [command, path] = words
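Review bot: The two `int()` calls in the new try block are looser than the RFC 2145 grammar quoted in the comment, because `int()` accepts a leading sign, so a version such as `HTTP/-1.5` or `HTTP/+1.1` becomes a tuple instead of taking the 400 path. Requiring digits before converting closes that gap: `if len(version_number) != 2 or not (version_number[0].isdigit() and version_number[1].isdigit()): raise ValueError`. A cap on component length may also be worth adding, since both numbers come straight from the request line. With the digit check in place, the 505 message's `%s` of `base_version_number` can only echo digits and one dot back to the client, which the current code guarantees only loosely. The enclosing `parse_request` starts and ends outside this hunk, so the `HTTP/` prefix check is assumed from the 400 branch visible just above the try.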