8396 – Traceback on bad POST content-type

Bug 8396 - Traceback on bad POST content-type

Summary: Traceback on bad POST content-type

Status:	NEW

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	trunk
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	LowPrio
Assignee:	Bugzilla mail exporter

URL:
Keywords:

Depends on:
Blocks:

Reported:	2024-07-25 11:14 CEST by Pierre Ossman
Modified:	2024-08-13 13:18 CEST (History)
CC List:	0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio

2024-07-25 11:14:28 CEST

If a buggy or malicious client sends a broken POST request, you get this in the logs:

> ----------------------------------------
> Traceback (most recent call last):
>   File "/opt/thinlinc/modules/thinlinc/tlwebaccess/server.py", line 144, in do_POST
>     Oooo0o0oO0 = parse_post_request ( self . rfile , self . headers )
>   File "/opt/thinlinc/modules/thinlinc/httpserver.py", line 453, in parse_post_request
>     raise ValueError ( 'Handling for Content-Type "%s" not implemented.' % o0oOO000Oo0 )
> ValueError: Handling for Content-Type "text/plain" not implemented.
> ----------------------------------------
> code 400, message Bad Request
> 'POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1' 400 -

Note You need to log in before you can comment on or make changes to this bug.