Handle invalid data more gracefully.

Fixes #47
author: Aldo Cortesi <aldo@nullcube.com> 2012-06-30 15:59:42 +1200
committer: Aldo Cortesi <aldo@nullcube.com> 2012-06-30 15:59:42 +1200
commit: f070e4523aebd383f6424a020c93f4065aaa673c (patch)
tree: 10e8cc37d987d23e52344994264a70cbed377f91
parent: 16e87a81acf2f6992a47d54b6f2cad61c8b8ff2b (diff)
download: mitmproxy-f070e4523aebd383f6424a020c93f4065aaa673c.tar.gz
mitmproxy-f070e4523aebd383f6424a020c93f4065aaa673c.tar.bz2
mitmproxy-f070e4523aebd383f6424a020c93f4065aaa673c.zip
2 files changed, 22 insertions, 3 deletions
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index af4a83ec..3ec22fb4 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -189,7 +189,7 @@ class ProxyHandler(tcp.BaseHandler):
             if request:
                 err = flow.Error(request, e.msg)
                 err._send(self.mqueue)
-                self.send_error(e.code, e.msg)
+            self.send_error(e.code, e.msg)
         else:
             return True
 
@@ -261,7 +261,10 @@ class ProxyHandler(tcp.BaseHandler):
             if line == "":
                 return None
             if line.startswith("CONNECT"):
-                host, port, httpversion = http.parse_init_connect(line)
+                r = http.parse_init_connect(line)
+                if not r:
+                    raise ProxyError(400, "Bad HTTP request line: %s"%line)
+                host, port, httpversion = r
                 # FIXME: Discard additional headers sent to the proxy. Should I expose
                 # these to users?
                 while 1:
@@ -290,6 +293,9 @@ class ProxyHandler(tcp.BaseHandler):
                 )
                 return flow.Request(client_conn, httpversion, host, port, "https", method, path, headers, content)
             else:
+                r = http.parse_init_proxy(line)
+                if not r:
+                    raise ProxyError(400, "Bad HTTP request line: %s"%line)
                 method, scheme, host, port, path, httpversion = http.parse_init_proxy(line)
                 headers = http.read_headers(self.rfile)
                 content = http.read_http_body_request(
diff --git a/test/test_server.py b/test/test_server.py
index 8878cf32..e4a62fa5 100644
--- a/test/test_server.py
+++ b/test/test_server.py
@@ -1,6 +1,7 @@
 import urllib, urllib2, unittest
 import time
 import libpathod.test, requests
+from netlib import tcp, http
 import tutils
 
 """
@@ -21,7 +22,19 @@ class SanityMixin:
 
 
 class TestHTTP(tutils.HTTPProxTest, SanityMixin):
-    pass
+    def test_invalid_http(self):
+        t = tcp.TCPClient("127.0.0.1", self.proxy.port)
+        t.connect()
+        t.wfile.write("invalid\n\n")
+        t.wfile.flush()
+        assert "Bad Request" in t.rfile.readline()
+
+    def test_invalid_connect(self):
+        t = tcp.TCPClient("127.0.0.1", self.proxy.port)
+        t.connect()
+        t.wfile.write("CONNECT invalid\n\n")
+        t.wfile.flush()
+        assert "Bad Request" in t.rfile.readline()
 
 
 class TestHTTPS(tutils.HTTPProxTest, SanityMixin):
author	Aldo Cortesi <aldo@nullcube.com>	2012-06-30 15:59:42 +1200
committer	Aldo Cortesi <aldo@nullcube.com>	2012-06-30 15:59:42 +1200
commit	f070e4523aebd383f6424a020c93f4065aaa673c (patch)
tree	10e8cc37d987d23e52344994264a70cbed377f91
parent	16e87a81acf2f6992a47d54b6f2cad61c8b8ff2b (diff)
download	mitmproxy-f070e4523aebd383f6424a020c93f4065aaa673c.tar.gz mitmproxy-f070e4523aebd383f6424a020c93f4065aaa673c.tar.bz2 mitmproxy-f070e4523aebd383f6424a020c93f4065aaa673c.zip