tornadoweb / tornado

Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed.
http://www.tornadoweb.org/
Apache License 2.0
21.73k stars 5.5k forks source link

wsgi: Uncaught exception #3055

Open mjofwh opened 3 years ago

mjofwh commented 3 years ago

when i send a request like this:HTTPServerRequest(protocol='https', host=': localhost', method='GET', uri='/', version='HTTP/1.1', remote_ip='127.0.0.1') there is a exception as follow:

ERROR:tornado.application:Uncaught exception Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/tornado/http1connection.py", line 273, in _read_message delegate.finish() File "/usr/local/lib/python3.8/site-packages/tornado/httpserver.py", line 280, in finish self.request_callback(self.request) File "/usr/local/lib/python3.8/site-packages/tornado/wsgi.py", line 114, in call WSGIContainer.environ(request), start_response File ERROR:tornado.application:Uncaught exception Traceback (most recent call last): File "/usr/local/lib/python3.8/site-packages/tornado/http1connection.py", line 273, in _read_message delegate.finish() File "/usr/local/lib/python3.8/site-packages/tornado/httpserver.py", line 280, in finish self.request_callback(self.request) File "/usr/local/lib/python3.8/site-packages/tornado/wsgi.py", line 114, in call WSGIContainer.environ(request), start_response File "/usr/local/lib/python3.8/site-packages/tornado/wsgi.py", line 154, in environ port = int(hostport[1]) ValueError: invalid literal for int() with base 10: ' localhost' /wsgi.py", line 154, in environ port = int(hostport[1]) ValueError: invalid literal for int() with base 10: ' localhost'

bdarnell commented 3 years ago

host=': localhost' is not valid. Where is this coming from?

mjofwh commented 3 years ago

I am using a fuzz tool to test the web application,the tool sends a packet with host=': localhost'. In fact,it can fill host with any string. @bdarnell