Version
1.5.1
Platform
Darwin ghost.local 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:19:05 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T8112 arm64
Description
Hyper client can panic when processing broken up 1xx HTTP1 responses.
When a server responds with `HTTP/1.1 100 Continue\r\nContent-Type: text/plain\r\nServer: BaseHTTP/0.6 Python/3.12.5\r\nDate: Mon, 16 Dec 2024 03:08:27 GMT\r\n\r\nThis is a sample text/plain document.\n\nThis is not an HTML document.\n\n`, it's possible for hyper to first read `HTTP/1.1 100 Continue\r\nContent-Type: text/plain\r\nServer: BaseHTTP/0.6 Python/3.12.5\r\nDate: Mon, 16 Dec 2024 03:08:27 GMT\r\n\r\n`, followed by `This is a sample text/plain document.\n\nThis is not an HTML document.\n\n`.
This triggers a panic in the code introduced in #3764, since the prev_length value stored after the first response is longer than the length of the second response.
This has been hit independently by both deno and Servo upon upgrading to hyper 1.5.1, since there are web-platform-tests that exercise 1xx responses: https://github.com/web-platform-tests/wpt/blob/master/fetch/security/1xx-response.any.js
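A simplified model of the failure described in this report, added here as an example and not taken from hyper's source: a "resume the header scan from the previous buffer length" optimisation, shown unchecked and bounds-checked, replayed against the two reads quoted above. The function names, and the assumption that the saved length is the buffer length at the first read and is not cleared when the 1xx head is consumed, are hypothetical.

```rust
use std::panic;

const TERMINATOR: &[u8] = b"\r\n\r\n";

// Unchecked resume: trusts that `prev_len` still describes `buf`.
// Slicing panics when the saved offset is past the end of the buffer.
fn head_complete_unchecked(buf: &[u8], prev_len: usize) -> bool {
    let start = prev_len.saturating_sub(3); // terminator may straddle the old end
    buf[start..].windows(4).any(|w| w == TERMINATOR)
}

// Checked resume: a stale offset falls back to scanning the whole buffer.
fn head_complete_checked(buf: &[u8], prev_len: usize) -> bool {
    let start = prev_len.saturating_sub(3);
    buf.get(start..).unwrap_or(buf).windows(4).any(|w| w == TERMINATOR)
}

// Replays the two reads from the report against both scanners.
// Returns (unchecked scanner panicked, checked scanner's answer).
fn replay_split_1xx() -> (bool, bool) {
    // The two reads quoted in the report.
    let first: &[u8] = b"HTTP/1.1 100 Continue\r\nContent-Type: text/plain\r\n\
        Server: BaseHTTP/0.6 Python/3.12.5\r\nDate: Mon, 16 Dec 2024 03:08:27 GMT\r\n\r\n";
    let second: &[u8] =
        b"This is a sample text/plain document.\n\nThis is not an HTML document.\n\n";

    // Assumption of this model: the length saved at the first read is kept
    // after the 1xx head has been consumed from the buffer.
    let stale_prev_len = first.len();
    let buf = second; // buffer contents once the second read has landed

    let panicked =
        panic::catch_unwind(|| head_complete_unchecked(buf, stale_prev_len)).is_err();
    (panicked, head_complete_checked(buf, stale_prev_len))
}

fn main() {
    let (panicked, complete) = replay_split_1xx();
    println!("unchecked panicked: {}, checked sees complete head: {}", panicked, complete);
}
```

For a client, the practical impact is that a server can terminate the calling task with nothing more than how it splits its writes, so any saved offset into a network buffer needs to be revalidated or reset whenever the buffer is drained.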