[PR #12119/0e2d3ec4 backport][3.14] Fix server hang on chunked transfer encoding size mismatch#12122
Merged
Dreamsorcerer merged 1 commit into3.14from Feb 22, 2026
Conversation
(cherry picked from commit 0e2d3ec)
3 tasks
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## 3.14 #12122 +/- ##
=======================================
Coverage 98.24% 98.25%
=======================================
Files 129 129
Lines 45430 45446 +16
Branches 2454 2455 +1
=======================================
+ Hits 44633 44652 +19
+ Misses 615 612 -3
Partials 182 182
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Dreamsorcerer
deleted the
patchback/backports/3.14/0e2d3ec48a950a2aacaf3f5d0d1f1597a1d5385b/pr-12119
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is a backport of PR #12119 as merged into master (0e2d3ec).
Summary
Fixes #10596.
When chunked transfer encoding
chunk-sizedoes not match the actual data length, the server hangs indefinitely instead of rejecting the request. Per RFC 9112,chunk-datamust be exactlychunk-sizeoctets followed by CRLF.Root cause: In
PARSE_CHUNKED_CHUNK_EOFstate (after consumingchunk-sizebytes), any data that doesn't start with\r\nis stored in_chunk_tailand the parser returnsFalse— waiting forever for more data. When the chunk-size is wrong (e.g., declared 4 but sent 5 bytes), the byte after the consumed data is not\rand will never become\r\n.Fix: Before falling through to the wait-for-more-data path, check whether the available data can't possibly be the start of the expected CRLF separator. If we have enough bytes to determine the separator is wrong, raise
TransferEncodingErrorimmediately. The legitimate partial-separator case (received\rbut not yet\n) is preserved.Changes:
aiohttp/http_parser.py: Addelifbranch inPARSE_CHUNKED_CHUNK_EOFthat raisesTransferEncodingErrorwhen data doesn't match CRLF prefixtests/test_http_parser.py: Two regression tests — data too long (5 bytes for chunk-size 4) and data too short (5 bytes for chunk-size 6)CHANGES/10596.bugfix.rst: Changelog entryTest plan
test_parse_chunked_payload_size_data_mismatchandtest_parse_chunked_payload_size_data_mismatch_too_shorttest_http_parser.pysuite: 299 passed, 4 pre-existing failures (missing C extension/brotli)