Bad encoding (#2980)

* Error on bad body length * Error on smuggle attempt
sanic-org · Jun 30, 2024 · bbb44db · bbb44db
1 parent fee71dd
commit bbb44db
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/sanic/http/http1.py b/sanic/http/http1.py
@@ -221,6 +221,10 @@ async def http1_request_header(self):  # no cov
                 name, value = h = name.lower(), value.lstrip()
 
                 if name in ("content-length", "transfer-encoding"):
+                    if request_body:
+                        raise ValueError(
+                            "Duplicate Content-Length or Transfer-Encoding"
+                        )
                     request_body = True
                 elif name == "connection":
                     self.keep_alive = value.lower() == "keep-alive"

diff --git a/tests/test_http.py b/tests/test_http.py
@@ -165,3 +165,29 @@ def test_invalid_chunk_length(chunk_length, client):
 
     assert b"400 Bad Request" in headers
     assert b"Bad chunked encoding" in body
+
+
+def test_smuggle(client):
+    client.send(
+        """
+        POST /upload HTTP/1.1
+        Content-Length: 5
+        Transfer-Encoding: chunked
+        Transfer-Encoding: xchunked
+
+        5
+        hello
+        0
+
+        GET / HTTP/1.1
+        
+        """  # noqa
+    )
+
+    response = client.recv()
+    num_responses = response.count(b"HTTP/1.1")
+    assert num_responses == 1
+
+    headers, body = response.rsplit(b"\r\n\r\n", 1)
+    assert b"400 Bad Request" in headers
+    assert b"Bad Request" in body