diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py index af4a83ec6..3ec22fb40 100644 --- a/libmproxy/proxy.py +++ b/libmproxy/proxy.py @@ -189,7 +189,7 @@ class ProxyHandler(tcp.BaseHandler): if request: err = flow.Error(request, e.msg) err._send(self.mqueue) - self.send_error(e.code, e.msg) + self.send_error(e.code, e.msg) else: return True @@ -261,7 +261,10 @@ class ProxyHandler(tcp.BaseHandler): if line == "": return None if line.startswith("CONNECT"): - host, port, httpversion = http.parse_init_connect(line) + r = http.parse_init_connect(line) + if not r: + raise ProxyError(400, "Bad HTTP request line: %s"%line) + host, port, httpversion = r # FIXME: Discard additional headers sent to the proxy. Should I expose # these to users? while 1: @@ -290,6 +293,9 @@ class ProxyHandler(tcp.BaseHandler): ) return flow.Request(client_conn, httpversion, host, port, "https", method, path, headers, content) else: + r = http.parse_init_proxy(line) + if not r: + raise ProxyError(400, "Bad HTTP request line: %s"%line) method, scheme, host, port, path, httpversion = http.parse_init_proxy(line) headers = http.read_headers(self.rfile) content = http.read_http_body_request( diff --git a/test/test_server.py b/test/test_server.py index 8878cf32e..e4a62fa5e 100644 --- a/test/test_server.py +++ b/test/test_server.py @@ -1,6 +1,7 @@ import urllib, urllib2, unittest import time import libpathod.test, requests +from netlib import tcp, http import tutils """ @@ -21,7 +22,19 @@ class SanityMixin: class TestHTTP(tutils.HTTPProxTest, SanityMixin): - pass + def test_invalid_http(self): + t = tcp.TCPClient("127.0.0.1", self.proxy.port) + t.connect() + t.wfile.write("invalid\n\n") + t.wfile.flush() + assert "Bad Request" in t.rfile.readline() + + def test_invalid_connect(self): + t = tcp.TCPClient("127.0.0.1", self.proxy.port) + t.connect() + t.wfile.write("CONNECT invalid\n\n") + t.wfile.flush() + assert "Bad Request" in t.rfile.readline() class TestHTTPS(tutils.HTTPProxTest, SanityMixin):
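Review bot: The new `raise ProxyError(400, "Bad HTTP request line: %s"%line)` in the CONNECT branch copies the client's raw request line into the error text, and the handler in the first hunk passes `e.msg` on to both `flow.Error(request, e.msg)` and `self.send_error(e.code, e.msg)`. That line is untrusted and has no length bound at this point. If `send_error` writes the message into an HTML body (its implementation is not visible in this diff), the input would be reflected to the client unescaped. Formatting it with `%r` and a length cap, for example `"Bad HTTP request line: %r" % line[:256]`, or escaping inside `send_error`, would close that off; the same message is built in the `else:` branch of the next hunk. The enclosing method starts and ends outside this hunk.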
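Review bot: In the `else:` branch, the unchanged line after the new `if not r:` guard still calls `http.parse_init_proxy(line)` a second time instead of unpacking `r`. The request line is therefore parsed twice, and the branch no longer mirrors the CONNECT branch above, which uses `host, port, httpversion = r`. The line should read `method, scheme, host, port, path, httpversion = r`. The method body continues past the end of this hunk.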
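Review bot: `test_invalid_http` and `test_invalid_connect` are identical apart from the payload string, and neither releases the `TCPClient` it opens in the visible lines. A small private helper on `TestHTTP` that takes the payload and returns the first response line would remove the duplication and give one place to clean up the connection. Each test would also benefit from a one-line docstring such as `"""A malformed request line must be answered with 400 Bad Request."""`. The `http` name imported by the earlier hunk in this file (`from netlib import tcp, http`) is not used by any line shown here.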