Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2024-11-23 00:01:36 +00:00
Code Issues Projects Releases Wiki Activity

Don't pass malformed request objects to our error handler

Browse Source
This commit is contained in:
Aldo Cortesi 2017-03-23 10:07:39 +13:00
parent 1e81747a2a
commit 44c3a24f8e
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
mitmproxy/proxy/protocol/http.py
View File

@ -143,9 +143,11 @@ def validate_request_form(mode, request):
if request.first_line_format not in allowed_request_forms: if request.first_line_format not in allowed_request_forms:
if mode == HTTPMode.transparent: if mode == HTTPMode.transparent:
err_message = ( err_message = (
"Mitmproxy received an {} request even though it is not running in regular mode. " """
"This usually indicates a misconfiguration, please see " Mitmproxy received an {} request even though it is not running
"http://docs.mitmproxy.org/en/stable/modes.html for details." in regular mode. This usually indicates a misconfiguration,
please see the mitmproxy mode documentation for details.
"""
).format("HTTP CONNECT" if request.first_line_format == "authority" else "absolute-form") ).format("HTTP CONNECT" if request.first_line_format == "authority" else "absolute-form")
else: else:
err_message = "Invalid HTTP request form (expected: %s, got: %s)" % ( err_message = "Invalid HTTP request form (expected: %s, got: %s)" % (
@ -260,7 +262,10 @@ class HttpLayer(base.Layer):
self.send_error_response(400, msg) self.send_error_response(400, msg)
raise exceptions.ProtocolException(msg) raise exceptions.ProtocolException(msg)
validate_request_form(self.mode, request)
self.channel.ask("requestheaders", f) self.channel.ask("requestheaders", f)
# Re-validate request form in case the user has changed something.
validate_request_form(self.mode, request)
if request.headers.get("expect", "").lower() == "100-continue": if request.headers.get("expect", "").lower() == "100-continue":
# TODO: We may have to use send_response_headers for HTTP2 # TODO: We may have to use send_response_headers for HTTP2
@ -270,12 +275,12 @@ class HttpLayer(base.Layer):
request.data.content = b"".join(self.read_request_body(request)) request.data.content = b"".join(self.read_request_body(request))
request.timestamp_end = time.time() request.timestamp_end = time.time()
validate_request_form(self.mode, request)
except exceptions.HttpException as e: except exceptions.HttpException as e:
# We optimistically guess there might be an HTTP client on the # We optimistically guess there might be an HTTP client on the
# other end # other end
self.send_error_response(400, repr(e)) self.send_error_response(400, repr(e))
# Request may be malformed at this point, so we unset it.
f.request = None
f.error = flow.Error(str(e)) f.error = flow.Error(str(e))
self.channel.ask("error", f) self.channel.ask("error", f)
raise exceptions.ProtocolException( raise exceptions.ProtocolException(