From 44c3a24f8e4d65f231e3b38fd1c3fdc49faca90e Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@corte.si>
Date: Thu, 23 Mar 2017 10:07:39 +1300
Subject: [PATCH] Don't pass malformed request objects to our error handler

---
 mitmproxy/proxy/protocol/http.py | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/mitmproxy/proxy/protocol/http.py b/mitmproxy/proxy/protocol/http.py
index d9e53fed9..458708305 100644
--- a/mitmproxy/proxy/protocol/http.py
+++ b/mitmproxy/proxy/protocol/http.py
@@ -143,9 +143,11 @@ def validate_request_form(mode, request):
     if request.first_line_format not in allowed_request_forms:
         if mode == HTTPMode.transparent:
             err_message = (
-                "Mitmproxy received an {} request even though it is not running in regular mode. "
-                "This usually indicates a misconfiguration, please see "
-                "http://docs.mitmproxy.org/en/stable/modes.html for details."
+                """
+                Mitmproxy received an {} request even though it is not running
+                in regular mode. This usually indicates a misconfiguration,
+                please see the mitmproxy mode documentation for details.
+                """
             ).format("HTTP CONNECT" if request.first_line_format == "authority" else "absolute-form")
         else:
             err_message = "Invalid HTTP request form (expected: %s, got: %s)" % (
@@ -260,7 +262,10 @@ class HttpLayer(base.Layer):
                     self.send_error_response(400, msg)
                     raise exceptions.ProtocolException(msg)
 
+            validate_request_form(self.mode, request)
             self.channel.ask("requestheaders", f)
+            # Re-validate request form in case the user has changed something.
+            validate_request_form(self.mode, request)
 
             if request.headers.get("expect", "").lower() == "100-continue":
                 # TODO: We may have to use send_response_headers for HTTP2
@@ -270,12 +275,12 @@ class HttpLayer(base.Layer):
 
             request.data.content = b"".join(self.read_request_body(request))
             request.timestamp_end = time.time()
-
-            validate_request_form(self.mode, request)
         except exceptions.HttpException as e:
             # We optimistically guess there might be an HTTP client on the
             # other end
             self.send_error_response(400, repr(e))
+            # Request may be malformed at this point, so we unset it.
+            f.request = None
             f.error = flow.Error(str(e))
             self.channel.ask("error", f)
             raise exceptions.ProtocolException(