authorHelmut Grohne <helmut@subdivi.de>2013-12-09 07:38:18 +0100
committerHelmut Grohne <helmut@subdivi.de>2013-12-09 07:38:18 +0100
commitc1ba0c783fc59dc8d00b9b8aed7250569bcc14d4 (patch)
treede5139a6f71f5403795caa20d237ba59815b5bcc /wsgitools/scgi/asynchronous.py
parent27ed9839582c4fce9a0fff82281fb2e302be808e (diff)
fix possible uncaught ValueError from scgi servers
With unicode strings it no longer holds that if s.isdigit() then you can safely int(s), because there are more digits (such as ^3 \xb3) accepted by isdigit. This can cause an uncaught ValueError in certain places if the remote scgi server presents bogus data. Thanks to Klaus Aehlig for pointing out what isdigit accepts.
Diffstat (limited to 'wsgitools/scgi/asynchronous.py')
-rw-r--r--wsgitools/scgi/asynchronous.py12
1 files changed, 7 insertions, 5 deletions
diff --git a/wsgitools/scgi/asynchronous.py b/wsgitools/scgi/asynchronous.py
index 3009593..51c1d55 100644
--- a/wsgitools/scgi/asynchronous.py
+++ b/wsgitools/scgi/asynchronous.py
@@ -78,10 +78,11 @@ class SCGIConnection(asyncore.dispatcher):
if self.state == SCGIConnection.NEW:
if b':' in self.inbuff:
reqlen, self.inbuff = self.inbuff.split(b':', 1)
- if not reqlen.isdigit():
+ try:
+ reqlen = int(reqlen)
+ except ValueError: # invalid request format
self.close()
- return # invalid request format
- reqlen = int(reqlen)
+ return
if reqlen > self.maxrequestsize:
self.close()
return # request too long
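Review bot: `int(reqlen)` is more permissive than the `isdigit()` check it replaces. It accepts a leading sign and surrounding whitespace, so a length prefix such as `-1` now parses and passes the `reqlen > self.maxrequestsize` comparison, which only bounds the value from above. The bound should reject negatives explicitly: `if reqlen < 0 or reqlen > self.maxrequestsize:`. The same gap exists for `self.reqlen` against `self.maxpostsize` in the second hunk. What a negative length does further on cannot be seen here, because the method continues outside the hunk.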
@@ -105,10 +106,11 @@ class SCGIConnection(asyncore.dispatcher):
if self.reqlen == 0:
if self.inbuff.startswith(b','):
self.inbuff = self.inbuff[1:]
- if not self.environ.get("CONTENT_LENGTH", "bad").isdigit():
+ try:
+ self.reqlen = int(self.environ["CONTENT_LENGTH"])
+ except ValueError:
self.close()
return
- self.reqlen = int(self.environ["CONTENT_LENGTH"])
if self.reqlen > self.maxpostsize:
self.close()
return
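Review bot: A request that carries no CONTENT_LENGTH now raises KeyError at `int(self.environ["CONTENT_LENGTH"])`, which the new `except ValueError:` does not catch. The removed line covered that case through `.get("CONTENT_LENGTH", "bad")`. Unless code outside this hunk guarantees the key is present, catch both: `except (KeyError, ValueError):`. A trailing comment such as `# missing or non-numeric CONTENT_LENGTH` would match the `# invalid request format` comment in the first hunk.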