Handle dead connections in HTTP response methods

When a client disconnects mid-response, binding.pyx raises ReferenceError
from connection.send() because the underlying C connection (thisptr) is
NULL. This became more visible after _log_request() was added, since the
SQLite write introduces enough delay for clients to disconnect before the
response is sent.

Catch ReferenceError in send_response, send_header, and end_headers so
the response path silently stops instead of crashing.

Author: micheloosterhof

modules/python/dionaea/http.py

@@ -1088,7 +1088,10 @@ def send_response(self, code, message=None):
                 message = self.responses[code][0]
             else:
                 message = ''
-        self.send(f"HTTP/1.1 {code} {message}\r\n")
+        try:
+            self.send(f"HTTP/1.1 {code} {message}\r\n")
+        except ReferenceError:
+            return
 
     def send_error(self, code, message=None):
         if message is None:
@@ -1140,10 +1143,16 @@ def send_error(self, code, message=None):
         return f
 
     def send_header(self, key, value):
-        self.send(f"{key}: {value}\r\n")
+        try:
+            self.send(f"{key}: {value}\r\n")
+        except ReferenceError:
+            return
 
     def end_headers(self) -> None:
-        self.send("\r\n")
+        try:
+            self.send("\r\n")
+        except ReferenceError:
+            return
 
     def handle_disconnect(self) -> bool:
         return False

tests/http/tests/test_http_dead_connection.py

@@ -0,0 +1,78 @@
+# ABOUTME: Tests that HTTP response methods handle dead connections gracefully.
+# ABOUTME: Verifies send_response, send_header, end_headers don't crash when the client disconnects mid-response.
+
+# This file is part of the dionaea honeypot
+#
+# SPDX-FileCopyrightText: 2026 Michel
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+
+"""
+When a client disconnects mid-response, binding.pyx raises ReferenceError
+from connection.send() because the underlying C connection object is gone.
+The HTTP response methods must handle this gracefully instead of crashing.
+"""
+
+import os
+import sys
+import types
+import unittest.mock
+
+# Set up mock modules for dionaea's C extension dependencies before importing http.py
+_dionaea_mod = types.ModuleType("dionaea")
+_dionaea_mod.__path__ = [os.path.join(os.path.dirname(__file__), '..', '..', '..', 'modules', 'python', 'dionaea')]
+_dionaea_mod.ServiceLoader = type("ServiceLoader", (), {})
+
+_core_mod = types.ModuleType("dionaea.core")
+
+
+class _FakeConnection:
+    """Stand-in for binding.pyx connection whose send() raises ReferenceError."""
+    pass
+
+
+_core_mod.connection = _FakeConnection
+_core_mod.g_dionaea = unittest.mock.MagicMock()
+_core_mod.incident = unittest.mock.MagicMock()
+
+_util_mod = types.ModuleType("dionaea.util")
+_util_mod.detect_shellshock = lambda *a, **kw: None
+
+_exc_mod = types.ModuleType("dionaea.exception")
+_exc_mod.ServiceConfigError = type("ServiceConfigError", (Exception,), {})
+
+sys.modules["dionaea"] = _dionaea_mod
+sys.modules["dionaea.core"] = _core_mod
+sys.modules["dionaea.util"] = _util_mod
+sys.modules["dionaea.exception"] = _exc_mod
+
+# Now we can import httpd
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..', '..', 'modules', 'python'))
+from dionaea.http import httpd  # noqa: E402
+
+
+def _make_dead_httpd():
+    """Create an httpd whose send() raises ReferenceError (dead C connection)."""
+    h = httpd.__new__(httpd)
+    h.responses = httpd.responses
+
+    def dead_send(data, **kwargs):
+        raise ReferenceError("the object requested does not exist")
+
+    h.send = dead_send
+    return h
+
+
+def test_send_response_on_dead_connection():
+    h = _make_dead_httpd()
+    h.send_response(404)
+
+
+def test_send_header_on_dead_connection():
+    h = _make_dead_httpd()
+    h.send_header("Content-Type", "text/html")
+
+
+def test_end_headers_on_dead_connection():
+    h = _make_dead_httpd()
+    h.end_headers()