From 92c5f8b8dbfc73780f8404b225b1282d58c5cd96 Mon Sep 17 00:00:00 2001 From: Bert JW Regeer Date: Sat, 12 Mar 2022 19:16:23 -0700 Subject: [PATCH 6/8] Remove extraneous calls to .strip() in Chunked Encoding To be valid chunked encoding we should not be removing any whitespace as the standard does not allow for optional whitespace. If whitespace is encountered in the wrong place, it should lead to a 400 Bad Request instead. (cherry picked from commit bd22869c143a3f1284f271399524676efbafa655) --- waitress/receiver.py | 6 +----- waitress/tests/test_receiver.py | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/waitress/receiver.py b/waitress/receiver.py index 9e4bffe..806ff87 100644 --- a/waitress/receiver.py +++ b/waitress/receiver.py @@ -135,7 +135,6 @@ class ChunkedReceiver(object): line = s[:pos] s = s[pos + 2 :] self.control_line = b"" - line = line.strip() if line: # Begin a new chunk. @@ -153,9 +152,6 @@ class ChunkedReceiver(object): line = line[:semi] - # Remove any whitespace - line = line.strip() - if not ONLY_HEXDIG_RE.match(line): self.error = BadRequest("Invalid chunk size") self.all_chunks_received = True @@ -164,7 +160,7 @@ class ChunkedReceiver(object): # Can not fail due to matching against the regular # expression above - sz = int(line.strip(), 16) # hexadecimal + sz = int(line, 16) # hexadecimal if sz > 0: # Start a new chunk. diff --git a/waitress/tests/test_receiver.py b/waitress/tests/test_receiver.py index b539264..fd192c1 100644 --- a/waitress/tests/test_receiver.py +++ b/waitress/tests/test_receiver.py @@ -259,7 +259,7 @@ class TestChunkedReceiverParametrized: def test_received_invalid_size(self, invalid_size): from waitress.utilities import BadRequest - for invalid_size in [b"0x04", b"+0x04", b"x04", b"+04"]: + for invalid_size in [b"0x04", b"+0x04", b"x04", b"+04", b" 04", b" 0x04"]: buf = DummyBuffer() inst = self._makeOne(buf) data = invalid_size + b"\r\ntest\r\n" -- 2.45.2