From c1ba0c783fc59dc8d00b9b8aed7250569bcc14d4 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Mon, 9 Dec 2013 07:38:18 +0100
Subject: fix possible uncaught ValueError from scgi servers

With unicode strings it no longer holds that if s.isdigit() then you can
safely int(s), because there are more digits (such as ^3 \xb3) accepted
by isdigit. This can cause an uncaught ValueError in certain places if
the remote scgi server presents bogus data. Thanks to Klaus Aehlig for
pointing out what isdigit accepts.
---
 wsgitools/scgi/forkpool.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'wsgitools/scgi/forkpool.py')

diff --git a/wsgitools/scgi/forkpool.py b/wsgitools/scgi/forkpool.py
index 150ed44..1f4cdee 100644
--- a/wsgitools/scgi/forkpool.py
+++ b/wsgitools/scgi/forkpool.py
@@ -405,10 +405,11 @@ class SCGIServer:
             con.close()
             return
         length, data = data.split(b':', 1)
-        if not length.isdigit(): # clear protocol violation
+        try:
+            length = int(length)
+        except ValueError:  # clear protocol violation
             con.close()
             return
-        length = int(length)
 
         while len(data) != length + 1: # read one byte beyond
             try:
@@ -471,12 +472,14 @@ class SCGIServer:
             response_head[0] = False # set but nothing sent
             return dumbsend
 
-        if not environ.get("CONTENT_LENGTH", "bad").isdigit():
+        try:
+            content_length = int(environ["CONTENT_LENGTH"])
+        except ValueError:
             con.close()
             return
 
         _convert_environ(environ, multiprocess=True)
-        sfw = SocketFileWrapper(con, int(environ["CONTENT_LENGTH"]))
+        sfw = SocketFileWrapper(con, content_length)
         environ["wsgi.input"] = sfw
 
         result = self.wsgiapp(environ, start_response)
-- 
cgit v1.2.3