From fbce37054fa289eb5d7a9c791db9d4a71b96ecea Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Mon, 19 Dec 2016 16:06:18 +0100
Subject: fix #1877
---
 mitmproxy/net/http/message.py | 6 +++++-
 test/mitmproxy/net/http/test_message.py | 9 +++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/mitmproxy/net/http/message.py b/mitmproxy/net/http/message.py
index d3d6898d..166f919a 100644
--- a/mitmproxy/net/http/message.py
+++ b/mitmproxy/net/http/message.py
@@ -103,7 +103,11 @@ class Message(serializable.Serializable):
 ce = self.headers.get("content-encoding")
 if ce:
 try:
- return encoding.decode(self.raw_content, ce)
+ content = encoding.decode(self.raw_content, ce)
+ # A client may illegally specify a byte -> str encoding here (e.g. utf8)
+ if isinstance(content, str):
+ raise ValueError("Invalid Content-Encoding: {}".format(ce))
+ return content
 except ValueError:
 if strict:
 raise
diff --git a/test/mitmproxy/net/http/test_message.py b/test/mitmproxy/net/http/test_message.py
index 69d029d9..a001e734 100644
--- a/test/mitmproxy/net/http/test_message.py
+++ b/test/mitmproxy/net/http/test_message.py
@@ -141,6 +141,15 @@ class TestMessageContentEncoding:
 assert r.headers["content-encoding"]
 assert r.get_content(strict=False) == b"foo"
 
+ def test_utf8_as_ce(self):
+ r = tutils.tresp()
+ r.headers["content-encoding"] = "utf8"
+ r.raw_content = b"foo"
+ with tutils.raises(ValueError):
+ assert r.content
+ assert r.headers["content-encoding"]
+ assert r.get_content(strict=False) == b"foo"
+
 def test_cannot_decode(self):
 r = tutils.tresp()
 r.encode("gzip")
-- 
cgit v1.2.3
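Review bot: The new `isinstance(content, str)` check in `message.py` runs only after `encoding.decode` has already processed the whole body with a codec name taken from the peer-supplied `Content-Encoding` header, and it rejects only results that come back as `str`. If `encoding.decode` falls through to a generic codec lookup (its body is not in this hunk, but the added comment implies it accepts `utf8`), a bytes-to-bytes codec that is not an HTTP content coding would still pass this check and be silently applied. Validating the header value before decoding would close that gap, for example `if ce.lower() not in SUPPORTED_CODINGS: raise ValueError(...)`, where `SUPPORTED_CODINGS` is a placeholder for the codings the project actually implements. The message could also format the value with `{!r}` so that a header containing control characters is shown escaped wherever the exception is logged or displayed. The method starts above this hunk and the `except ValueError` branch continues below it.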
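Review bot: `test_utf8_as_ce` pins the fix to the single spelling `"utf8"`, while the check in `message.py` is on the decoded type rather than on the codec name. A second case with another text codec name would show that the rejection does not depend on that one string, and a one-line comment such as `# text codecs are not valid content codings, see #1877` would tell the next reader why `strict=False` is expected to return the raw bytes. The enclosing test class starts above the hunk and `test_cannot_decode` continues below it.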