Fixed #12: Crash on receiving high byte in path

daphne/http_protocol.py

@@ -3,6 +3,7 @@ from __future__ import unicode_literals
 import logging
 import six
 import time
+import traceback
 
 from six.moves.urllib_parse import unquote
 from twisted.protocols.policies import ProtocolWrapper
@@ -53,11 +54,26 @@ class WebRequest(http.Request):
         self._got_response_start = False
 
     def process(self):
+        try:
             self.request_start = time.time()
             # Get upgrade header
             upgrade_header = None
             if self.requestHeaders.hasHeader(b"Upgrade"):
                 upgrade_header = self.requestHeaders.getRawHeaders(b"Upgrade")[0]
+            # Get client address if possible
+            if hasattr(self.client, "host") and hasattr(self.client, "port"):
+                self.client_addr = [self.client.host, self.client.port]
+                self.server_addr = [self.host.host, self.host.port]
+            else:
+                self.client_addr = None
+                self.server_addr = None
+            # Check for unicodeish path (or it'll crash when trying to parse)
+            try:
+                self.path.decode("ascii")
+            except UnicodeDecodeError:
+                self.path = b"/"
+                self.basic_error(400, b"Bad Request", "Invalid characters in path")
+                return
             # Calculate query string
             self.query_string = b""
             if b"?" in self.uri:
@@ -103,13 +119,6 @@ class WebRequest(http.Request):
                         self.clean_headers.append((name.lower(), value))
                 logger.debug("HTTP %s request for %s", self.method, self.reply_channel)
                 self.content.seek(0, 0)
-            # Get client address if possible
-            if hasattr(self.client, "host") and hasattr(self.client, "port"):
-                self.client_addr = [self.client.host, self.client.port]
-                self.server_addr = [self.host.host, self.host.port]
-            else:
-                self.client_addr = None
-                self.server_addr = None
                 # Send message
                 try:
                     self.factory.channel_layer.send("http.request", {
@@ -128,6 +137,9 @@ class WebRequest(http.Request):
                 except self.factory.channel_layer.ChannelFull:
                     # Channel is too full; reject request with 503
                     self.basic_error(503, b"Service Unavailable", "Request queue full.")
+        except Exception as e:
+            logger.error(traceback.format_exc())
+            self.basic_error(500, b"Internal Server Error", "HTTP processing error")
 
     @classmethod
     def unquote(cls, value):
@@ -195,6 +207,7 @@ class WebRequest(http.Request):
         if not message.get("more_content", False):
             self.finish()
             logger.debug("HTTP response complete for %s", self.reply_channel)
+            try:
                 self.factory.log_action("http", "complete", {
                     "path": self.path.decode("ascii"),
                     "status": self.code,
@@ -203,6 +216,8 @@ class WebRequest(http.Request):
                     "time_taken": self.duration(),
                     "size": self.sentLength,
                 })
+            except Exception as e:
+                logging.error(traceback.format_exc())
         else:
             logger.debug("HTTP response chunk for %s", self.reply_channel)