From beec61ae4e811f55f58d0197c8af994e252ab9ae Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Sat, 2 Feb 2013 22:49:34 +0100 Subject: [PATCH] Issue #15633: httplib.HTTPResponse is now mark closed when the server sends less than the advertised Content-Length. --- Lib/http/client.py | 10 +++++++++- Lib/test/test_httplib.py | 18 +++++++++++++++--- Misc/NEWS | 3 +++ 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/Lib/http/client.py b/Lib/http/client.py index 4d93b93ff0..36528dacba 100644 --- a/Lib/http/client.py +++ b/Lib/http/client.py @@ -493,7 +493,11 @@ class HTTPResponse(io.RawIOBase): if self.length is None: s = self.fp.read() else: - s = self._safe_read(self.length) + try: + s = self._safe_read(self.length) + except IncompleteRead: + self.close() + raise self.length = 0 self.close() # we read everything return s @@ -507,6 +511,10 @@ class HTTPResponse(io.RawIOBase): # connection, and the user is reading more bytes than will be provided # (for example, reading in 1k chunks) s = self.fp.read(amt) + if not s: + # Ideally, we would raise IncompleteRead if the content-length + # wasn't satisfied, but it might break compatibility. + self.close() if self.length is not None: self.length -= len(s) if not self.length: diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py index b0777d4286..5df4b51204 100644 --- a/Lib/test/test_httplib.py +++ b/Lib/test/test_httplib.py @@ -199,6 +199,19 @@ class BasicTest(TestCase): self.assertEqual(resp.read(1), b'') self.assertTrue(resp.isclosed()) + def test_partial_reads_incomplete_body(self): + # if the server shuts down the connection before the whole + # content-length is delivered, the socket is gracefully closed + body = "HTTP/1.1 200 Ok\r\nContent-Length: 10\r\n\r\nText" + sock = FakeSocket(body) + resp = client.HTTPResponse(sock) + resp.begin() + self.assertEqual(resp.read(2), b'Te') + self.assertFalse(resp.isclosed()) + self.assertEqual(resp.read(2), b'xt') + self.assertEqual(resp.read(1), b'') + self.assertTrue(resp.isclosed()) + def test_host_port(self): # Check invalid host_port @@ -349,7 +362,7 @@ class BasicTest(TestCase): resp = client.HTTPResponse(sock, method="GET") resp.begin() self.assertEqual(resp.read(), b'Hello\r\n') - resp.close() + self.assertTrue(resp.isclosed()) def test_incomplete_read(self): sock = FakeSocket('HTTP/1.1 200 OK\r\nContent-Length: 10\r\n\r\nHello\r\n') @@ -363,10 +376,9 @@ class BasicTest(TestCase): "IncompleteRead(7 bytes read, 3 more expected)") self.assertEqual(str(i), "IncompleteRead(7 bytes read, 3 more expected)") + self.assertTrue(resp.isclosed()) else: self.fail('IncompleteRead expected') - finally: - resp.close() def test_epipe(self): sock = EPipeSocket( diff --git a/Misc/NEWS b/Misc/NEWS index 420056ed3a..d23ab200a0 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -212,6 +212,9 @@ Core and Builtins Library ------- +- Issue #15633: httplib.HTTPResponse is now mark closed when the server + sends less than the advertised Content-Length. + - Issue #6972: The zipfile module no longer overwrites files outside of its destination path when extracting malicious zip files. -- 2.40.0