#37103: HttpRequest.body raises ValueError for malformed CONTENT_LENGTH
-------------------------------------+-------------------------------------
     Reporter:  bankai31337          |                     Type:  Bug
       Status:  new                  |                Component:  HTTP
                                     |  handling
      Version:  dev                  |                 Severity:  Normal
     Keywords:  ASGI Content-Length  |             Triage Stage:
  HttpRequest                        |  Unreviewed
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
 Accessing request.body raises an unhandled ValueError when
 META["CONTENT_LENGTH"] isn't a valid integer:

     ValueError: invalid literal for int() with base 10: '10,20'

 This can happen with ASGIRequest if duplicate Content-Length headers are
 comma-joined into a single META value. Even when such requests are usually
 rejected by common HTTP parsers, HttpRequest.body is currently inconsistent
 with other Django code paths.

 WSGIRequest.__init__(), MultiPartParser.__init__(), and
 django.core.servers.basehttp all wrap int(CONTENT_LENGTH) in:

     try:
         ...
     except (ValueError, TypeError):
         content_length = 0

 HttpRequest.body is the only place that calls int(CONTENT_LENGTH) without
 that guard.

 Minimal reproduction:

     from io import BytesIO
     from django.core.handlers.asgi import ASGIRequest
     from django.test import AsyncRequestFactory

     scope = AsyncRequestFactory()._base_scope(method="POST", path="/")
     scope["headers"] = [
         (b"content-type", b"text/plain"),
         (b"content-length", b"10,20"),
     ]

     ASGIRequest(scope, BytesIO(b"hello world body")).body

 Expected behavior:
 request.body should handle malformed CONTENT_LENGTH consistently with
 WSGIRequest and MultiPartParser, falling back to 0 instead of surfacing a
 raw ValueError.

 Actual behavior:
 request.body raises ValueError.

 I have a patch and regression test.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/37103>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
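
As an added illustration (not code from the ticket or from Django), this stand-alone sketch models how repeated Content-Length headers end up as the single META value '10,20' and compares a bare int() with the guard quoted in the ticket. The function names, the simplified header folding and the sample header lists are assumptions constructed for the example.

```python
# Simplified stand-ins for illustration; this is not Django's source.
def build_meta(headers):
    """Fold ASGI-style (name, value) byte pairs into a META-like dict."""
    meta = {}
    for name, value in headers:
        key = name.decode("latin1").upper().replace("-", "_")
        if key not in ("CONTENT_LENGTH", "CONTENT_TYPE"):
            key = "HTTP_" + key
        text = value.decode("latin1")
        # Repeated headers are comma-joined, as the ticket describes.
        meta[key] = f"{meta[key]},{text}" if key in meta else text
    return meta


def unguarded_length(meta):
    """The failing pattern: a bare int() on the raw header value."""
    return int(meta.get("CONTENT_LENGTH") or 0)


def guarded_length(meta):
    """The guard quoted in the ticket: malformed input falls back to 0."""
    try:
        return int(meta.get("CONTENT_LENGTH") or 0)
    except (ValueError, TypeError):
        return 0


def survey(samples):
    """Map label -> (guarded result, unguarded result or exception name)."""
    out = {}
    for label, headers in samples.items():
        meta = build_meta(headers)
        try:
            raw = unguarded_length(meta)
        except (ValueError, TypeError) as exc:
            raw = type(exc).__name__
        out[label] = (guarded_length(meta), raw)
    return out


# Constructed sample requests (header lists only).
SAMPLES = {
    "valid": [(b"content-length", b"16")],
    "duplicate": [(b"content-length", b"10"), (b"content-length", b"20")],
    "non_numeric": [(b"content-length", b"abc")],
    "absent": [(b"content-type", b"text/plain")],
}

if __name__ == "__main__":
    for label, result in survey(SAMPLES).items():
        print(label, result)
```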
