aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--mitmproxy/net/http/message.py6
-rw-r--r--test/mitmproxy/net/http/test_message.py9
2 files changed, 14 insertions, 1 deletions
diff --git a/mitmproxy/net/http/message.py b/mitmproxy/net/http/message.py
index d3d6898d..166f919a 100644
--- a/mitmproxy/net/http/message.py
+++ b/mitmproxy/net/http/message.py
@@ -103,7 +103,11 @@ class Message(serializable.Serializable):
ce = self.headers.get("content-encoding")
if ce:
try:
- return encoding.decode(self.raw_content, ce)
+ content = encoding.decode(self.raw_content, ce)
+ # A client may illegally specify a byte -> str encoding here (e.g. utf8)
+ if isinstance(content, str):
+ raise ValueError("Invalid Content-Encoding: {}".format(ce))
+ return content
except ValueError:
if strict:
raise
diff --git a/test/mitmproxy/net/http/test_message.py b/test/mitmproxy/net/http/test_message.py
index 69d029d9..a001e734 100644
--- a/test/mitmproxy/net/http/test_message.py
+++ b/test/mitmproxy/net/http/test_message.py
@@ -141,6 +141,15 @@ class TestMessageContentEncoding:
assert r.headers["content-encoding"]
assert r.get_content(strict=False) == b"foo"
+ def test_utf8_as_ce(self):
+ r = tutils.tresp()
+ r.headers["content-encoding"] = "utf8"
+ r.raw_content = b"foo"
+ with tutils.raises(ValueError):
+ assert r.content
+ assert r.headers["content-encoding"]
+ assert r.get_content(strict=False) == b"foo"
+
def test_cannot_decode(self):
r = tutils.tresp()
r.encode("gzip")
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-08 13:13:09 +0000