Handle invalid IDNA encoding in hostnames

Fixes #622
2024-11-26 18:18:25 +00:00 · 2015-06-12 16:00:16 +12:00 · 2015-06-12 16:00:16 +12:00 · 7890450b0c
commit 7890450b0c
parent fcc1558180
2 changed files with 12 additions and 6 deletions
--- a/libmproxy/protocol/http.py
+++ b/libmproxy/protocol/http.py
@ -584,11 +584,10 @@ class HTTPRequest(HTTPMessage):
            of the request, e.g. if an upstream proxy is in place

            If hostheader is set to True, the Host: header will be used as
-            additional (and preferred) data source. This is handy in transparent
-            mode, where only the ip of the destination is known, but not the
-            resolved name. This is disabled by default, as an attacker may spoof
-            the host header to confuse an analyst.
-
+            additional (and preferred) data source. This is handy in
+            transparent mode, where only the IO of the destination is known,
+            but not the resolved name. This is disabled by default, as an
+            attacker may spoof the host header to confuse an analyst.
        """
        host = None
        if hostheader:
@ -596,7 +595,10 @@ class HTTPRequest(HTTPMessage):
        if not host:
            host = self.host
        if host:
-            return host.encode("idna")
+            try:
+                return host.encode("idna")
+            except ValueError:
+                return host
        else:
            return None

--- a/test/test_protocol_http.py
+++ b/test/test_protocol_http.py
@ -142,6 +142,10 @@ class TestHTTPRequest:
        assert r.pretty_host(True) is None
        assert r.pretty_host(False) is None

+        # Invalid IDNA
+        r.headers["host"] = [".disqus.com"]
+        assert r.pretty_host(True) == ".disqus.com"
+
    def test_get_form_for_urlencoded(self):
        r = tutils.treq()
        r.headers.add("content-type", "application/x-www-form-urlencoded")