Closed as not planned
Description
Sending a null byte in an HTTP request path or URL triggers an uncaught ValueError
in CPython 3.10 and below.
Reproduction Instructions
Open two terminals and do the following (requires python <=3.10; current 3.10 branch included):
Terminal 1:
$ ./python -m http.server --bind 127.0.0.1
Serving HTTP on 127.0.0.1 port 8000 (http://127.0.0.1:8000/) ...
Terminal 2:
$ printf 'GET \x00 HTTP/1.1\r\n\r\n' | nc localhost 8000
Terminal 1:
----------------------------------------
Exception occurred during processing of request from ('127.0.0.1', 56900)
Traceback (most recent call last):
  File "/home/bkallus/clones/cpython/Lib/socketserver.py", line 683, in process_request_thread
    self.finish_request(request, client_address)
  File "/home/bkallus/clones/cpython/Lib/http/server.py", line 1304, in finish_request
    self.RequestHandlerClass(request, client_address, self,
  File "/home/bkallus/clones/cpython/Lib/http/server.py", line 668, in __init__
    super().__init__(*args, **kwargs)
  File "/home/bkallus/clones/cpython/Lib/socketserver.py", line 747, in __init__
    self.handle()
  File "/home/bkallus/clones/cpython/Lib/http/server.py", line 433, in handle
    self.handle_one_request()
  File "/home/bkallus/clones/cpython/Lib/http/server.py", line 421, in handle_one_request
    method()
  File "/home/bkallus/clones/cpython/Lib/http/server.py", line 672, in do_GET
    f = self.send_head()
  File "/home/bkallus/clones/cpython/Lib/http/server.py", line 727, in send_head
    f = open(path, 'rb')
ValueError: embedded null byte
----------------------------------------
This bug is fixed in Python 3.11+, but I haven't yet figured out why. As far as I can tell, the relevant portions of Lib/http/server.py and Lib/socketserver.py remain unchanged. I think the issue boils down to catching only OSErrors, but not ValueErrors, even though open can raise ValueErrors. I would guess that this happened because the docs do not clearly state that open(path, 'rb') can raise a ValueError.
Environment:
Arch Linux, x86_64
Python 3.10.10+
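One way to keep a server on an affected version from hitting the uncaught exception, as an added example that is not part of the original report or of CPython: a handler subclass that answers 400 when the request path contains a NUL and also treats a ValueError from open() like a missing file. The names NulRejectingHandler and status_line, the 400 message text, and the %00 and missing-file requests are assumptions made for this sketch.

```python
import socket
import socketserver
import threading
import urllib.parse
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler


class NulRejectingHandler(SimpleHTTPRequestHandler):
    """Hypothetical subclass: refuse NUL in the path before any filesystem call."""

    def send_head(self):
        # translate_path() percent-decodes the path, so check both the raw
        # NUL from the report and the encoded %00 form.
        if "\x00" in urllib.parse.unquote(self.path):
            self.send_error(HTTPStatus.BAD_REQUEST, "NUL byte in request path")
            return None
        try:
            return super().send_head()
        except ValueError:
            # open() signals some bad paths with ValueError, not OSError.
            self.send_error(HTTPStatus.NOT_FOUND, "File not found")
            return None

    def log_message(self, format, *args):
        pass  # keep the demo quiet


def status_line(raw_request: bytes) -> str:
    """Serve one raw request on an ephemeral loopback port; return the status line."""
    server = socketserver.TCPServer(("127.0.0.1", 0), NulRejectingHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with socket.create_connection(server.server_address, timeout=5) as conn:
            conn.sendall(raw_request)
            reply = b""
            while chunk := conn.recv(4096):
                reply += chunk
        return reply.split(b"\r\n", 1)[0].decode("ascii")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    # First request is the one from the report; the other two are constructed.
    for raw in (b"GET \x00 HTTP/1.1\r\n\r\n", b"GET /%00 HTTP/1.1\r\n\r\n", b"GET /no-such-file-nul-demo HTTP/1.1\r\n\r\n"):
        print(repr(raw), "->", status_line(raw))
```
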