get errors out on malformed HTTP response
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ibid |
Fix Released
|
Low
|
marcog | ||
Bug Description
The get command will cause the following Traceback on a malformed HTTP response:
ERROR core.dispatcher: Exception occured in HTTP processor of network plugin.
Traceback (most recent call last):
File "/usr/local/
processor.
File "/usr/local/
method(event, *match.groups())
File "/usr/local/
if (content_
AttributeError: 'NoneType' object has no attribute 'startswith'
To reproduce:
Run netcat on a public server:
$ nc -l 5000
Instruct the bot to fetch the page:
bot: get xxx.xxx.xxx:5000
You'll see the following come through in the nc session:
GET http://
Host: xxx.xxx.xx:5000
Accept-
Range: bytes=0-2048
Respond with the following (without indents):
HTTP/1.1 502 Foo Bar
^C
It's potentially a vulnerability, but I haven't checked further. It also looks like it's an error in an included lib rather than ibid itself.
Related branches
- Stefano Rivera: Approve
- Jonathan Hitchcock: Approve
-
Diff: 30 lines (+4/-2)1 file modifiedibid/plugins/network.py (+4/-2)
- Max Rabkin: Approve
- Stefano Rivera: Approve
-
Diff: 30 lines (+4/-2)1 file modifiedibid/plugins/network.py (+4/-2)
| Dominic White (singe-lauchpad) wrote | #1 |
| Changed in ibid: | |
| status: | New → In Progress |
| importance: | Undecided → Low |
| assignee: | nobody → marcog (marco-gallotta) |
| milestone: | none → 0.1.1 |
| Changed in ibid: | |
| status: | In Progress → Fix Committed |
| Changed in ibid: | |
| status: | Fix Committed → Fix Released |
BTW this was on 0.1 as of 12 Jan 2010.