search

python-hyper / h2

Pure-Python HTTP/2 protocol implementation
https://python-hyper.org/
MIT License
968 stars 157 forks source link

InvalidBodyLengthError #1252

Closed WEDeach closed 3 years ago

WEDeach commented 3 years ago

Hello! I am using the http2 function in httpx to connect to some services The service has binary encrypted data, and the content-length of the response represents the length I need to decrypt

And this caused the InvalidBodyLengthError in the h2 module

File "C:\Users\20191121\AppData\Local\Programs\Python\Python36\lib\site-packages\h2\stream.py", line 1337, in _track_content_length raise InvalidBodyLengthError(expected, actual) h2.exceptions.InvalidBodyLengthError: InvalidBodyLengthError: Expected 116 bytes, received 132

I tried to annotate the line of code in h2\stream.py, and it working, so I am curious why need to raise the error?

If it is to check for security, should you add parameters so that users can bypass the check?

vmagamedov commented 3 years ago

https://httpwg.org/specs/rfc7540.html#rfc.section.8.1.2.6 says that such response is malformed and MUST NOT be accepted.

Just checked that curl also raises PROTOCOL_ERROR when you provide wrong content-length header. You can also try curl this way with your server:

$ curl --http2 --http2-prior-knowledge -v https://...

I think that this issue requires more of investigation on your side.

WEDeach commented 3 years ago

I checked it again

when I using http2, it will get wrong content-length (116). when using http1.1, it got the correct content-length (132).

I’m sorry, it seems to be a problem from the server, although I don’t know why the server respond wrong content-length but now, close this