Bug in expected_http_body_size fix (#2642)

fixes #2618

2 files changed, 16 insertions, 1 deletions

diff --git a/mitmproxy/net/http/http1/read.py b/mitmproxy/net/http/http1/read.py
index 491135ac..0f70b1a7 100644
--- a/mitmproxy/net/http/http1/read.py
+++ b/mitmproxy/net/http/http1/read.py
@@ -210,7 +210,11 @@ def expected_http_body_size(request, response=None):
         return None
     if "content-length" in headers:
         try:
-            size = int(headers["content-length"])
+            sizes = headers.get_all("content-length")
+            different_content_length_headers = any(x != sizes[0] for x in sizes)
+            if different_content_length_headers:
+                raise exceptions.HttpSyntaxException("Conflicting Content Length Headers")
+            size = int(sizes[0])
             if size < 0:
                 raise ValueError()
             return size
diff --git a/test/mitmproxy/net/http/http1/test_read.py b/test/mitmproxy/net/http/http1/test_read.py
index b3589c92..4084c360 100644
--- a/test/mitmproxy/net/http/http1/test_read.py
+++ b/test/mitmproxy/net/http/http1/test_read.py
@@ -194,6 +194,17 @@ def test_expected_http_body_size():
         treq(headers=Headers(content_length="42"))
     ) == 42
 
+    # more than 1 content-length headers with same value
+    assert expected_http_body_size(
+        treq(headers=Headers([(b'content-length', b'42'), (b'content-length', b'42')]))
+    ) == 42
+
+    # more than 1 content-length headers with conflicting value
+    with pytest.raises(exceptions.HttpSyntaxException):
+        expected_http_body_size(
+            treq(headers=Headers([(b'content-length', b'42'), (b'content-length', b'45')]))
+        )
+
     # no length
     assert expected_http_body_size(
         treq(headers=Headers())