Upon receiving invalid Content-Length bail

Instead of attempting to continue processing the request, we instead
raise a ParsingError and return a HTTP Bad Request to the client.

This also catches the case where two Content-Length's are sent, and are
folded together using HTTP header folding.

Author: digitalresistor

waitress/parser.py

@@ -254,7 +254,8 @@ def parse_header(self, header_plus):
             try:
                 cl = int(headers.get("CONTENT_LENGTH", 0))
             except ValueError:
-                cl = 0
+                raise ParsingError("Content-Length is invalid")
+
             self.content_length = cl
             if cl > 0:
                 buf = OverflowableBuffer(self.adj.inbuf_overflow)

waitress/tests/test_parser.py

@@ -167,9 +167,28 @@ def test_parse_header_no_cr_in_headerplus(self):
             self.assertTrue(False)
 
     def test_parse_header_bad_content_length(self):
+        from waitress.parser import ParsingError
+
         data = b"GET /foobar HTTP/8.4\r\ncontent-length: abc\r\n"
-        self.parser.parse_header(data)
-        self.assertEqual(self.parser.body_rcv, None)
+
+        try:
+            self.parser.parse_header(data)
+        except ParsingError as e:
+            self.assertIn("Content-Length is invalid", e.args[0])
+        else:  # pragma: nocover
+            self.assertTrue(False)
+
+    def test_parse_header_multiple_content_length(self):
+        from waitress.parser import ParsingError
+
+        data = b"GET /foobar HTTP/8.4\r\ncontent-length: 10\r\ncontent-length: 20\r\n"
+
+        try:
+            self.parser.parse_header(data)
+        except ParsingError as e:
+            self.assertIn("Content-Length is invalid", e.args[0])
+        else:  # pragma: nocover
+            self.assertTrue(False)
 
     def test_parse_header_11_te_chunked(self):
         # NB: test that capitalization of header value is unimportant