Handle invalid content-length

author daftshady <daftonshady@gmail.com>

Sun, 15 May 2016 14:01:17 +0000 (23:01 +0900)

committer daftshady <daftonshady@gmail.com>

Sun, 15 May 2016 14:01:17 +0000 (23:01 +0900)
author daftshady <daftonshady@gmail.com>
Sun, 15 May 2016 14:01:17 +0000 (23:01 +0900)
committer daftshady <daftonshady@gmail.com>
Sun, 15 May 2016 14:01:17 +0000 (23:01 +0900)
diff --git a/tornado/http1connection.py b/tornado/http1connection.py

index 8194f91436beca1853a7ac435ec936f8760736c2..43034c6b503d45404c9ef10d7917fcb77d106c45 100644 (file)
--- a/tornado/http1connection.py
+++ b/tornado/http1connection.py
@@ -540,7 +540,13 @@ class HTTP1Connection(httputil.HTTPConnection):
                          "Multiple unequal Content-Lengths: %r" %
                          headers["Content-Length"])
                  headers["Content-Length"] = pieces[0]
-            content_length = int(headers["Content-Length"])
+
+            try:
+                content_length = int(headers["Content-Length"])
+            except ValueError:
+                # Handles non-integer Content-Length value.
+                raise httputil.HTTPInputError(
+                    "Only integer Content-Length is allowed: %s" % headers["Content-Length"])
  
              if content_length > self._max_body_size:
                  raise httputil.HTTPInputError("Content-Length too long")
author	daftshady <daftonshady@gmail.com>
	Sun, 15 May 2016 14:01:17 +0000 (23:01 +0900)
committer	daftshady <daftonshady@gmail.com>
	Sun, 15 May 2016 14:01:17 +0000 (23:01 +0900)