You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
gunicorn currently parses chunk lengths using int. This causes problems because int accepts a lot more than should be acceptable in a chunk length. The biggest problem characters are, '-', '+', and '_'.
Examples
HTTP requests in which gunicorn misinterprets a chunk length:
During chunk length parsing, verify that the input is all ASCII digits.
Versions
CPython version: 3.10.11
Gunicorn version: master
Notes
This issue is identical to #2977, but for chunk lengths. Given that @jasonamyers fixed that issue, maybe he's interested in helping out with this one as well?
The text was updated successfully, but these errors were encountered:
I think the reasonable fix would be to change gunicorn/http/body.py to check that chunk lengths match the set of hex characters. A patch can be seen here: https://github.com/benoitc/gunicorn/pull/3059/files
kenballus
changed the title
Improper parsing of chunk lengths
Improper parsing of chunk lengths and headers
Nov 13, 2023
kenballus
changed the title
Improper parsing of chunk lengths and headers
Improper parsing of chunk lengths
Nov 13, 2023
Description
gunicorn currently parses chunk lengths using
int
. This causes problems becauseint
accepts a lot more than should be acceptable in a chunk length. The biggest problem characters are, '-', '+', and '_'.Examples
HTTP requests in which gunicorn misinterprets a chunk length:
Underscore between digits
Plus sign prefix
Minus sign prefix (only works for 0)
Solution
During chunk length parsing, verify that the input is all ASCII digits.
Versions
CPython version: 3.10.11
Gunicorn version: master
Notes
This issue is identical to #2977, but for chunk lengths. Given that @jasonamyers fixed that issue, maybe he's interested in helping out with this one as well?
The text was updated successfully, but these errors were encountered: