Add bad header that caused catastrophic backtracking

This lets us validate that we won't accidentally cause the same issue down the line if we mess with the regular expressions
Pylons · Feb 2, 2020 · f87abb7 · f87abb7
1 parent 2fe8e54
commit f87abb7
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/waitress/tests/test_parser.py b/waitress/tests/test_parser.py
@@ -433,6 +433,17 @@ def test_parse_header_multiple_values_extra_space(self):
         self.assertIn("FOO", self.parser.headers)
         self.assertEqual(self.parser.headers["FOO"], "abrowser/0.001 (C O M M E N T)")
 
+    def test_parse_header_invalid_backtrack_bad(self):
+        from waitress.parser import ParsingError
+
+        data = b"GET /foobar HTTP/1.1\r\nfoo: bar\r\nfoo: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\x10\r\n"
+        try:
+            self.parser.parse_header(data)
+        except ParsingError as e:
+            self.assertIn("Invalid header", e.args[0])
+        else:  # pragma: nocover
+            self.assertTrue(False)
+
     def test_parse_header_short_values(self):
         from waitress.parser import ParsingError