Don't succeed on invalid HPACK input.

If given a Huffman-encoded string that we can't decode, rather than
quietly returning an empty string we should throw an exception.

Author: Lukasa

hyper/http20/exceptions.py

@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/exceptions
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This defines exceptions used in the HTTP/2.0 portion of hyper.
+"""
+class HTTP20Error(Exception):
+    """
+    The base class for all of ``hyper``'s HTTP/2.0-related exceptions.
+    """
+    pass
+
+
+class HPACKDecodingError(HTTP20Error):
+    """
+    An error has been encountered while performing HPACK decoding.
+    """
+    pass

hyper/http20/huffman.py

@@ -6,6 +6,8 @@
 An implementation of a bitwise prefix tree specially built for decoding
 Huffman-coded content where we already know the Huffman table.
 """
+from .exceptions import HPACKDecodingError
+
 
 def _pad_binary(bin_str, req_len=8):
     """
@@ -59,13 +61,17 @@ def decode(self, encoded_string):
         number = _hex_to_bin_str(encoded_string)
         cur_node = self.root
         decoded_message = []
-        for digit in number:
-            if digit not in cur_node.mapping:
-                break
-            cur_node = cur_node.mapping[digit]
-            if cur_node.data is not None:
-                decoded_message.append(cur_node.data)
-                cur_node = self.root
+
+        try:
+            for digit in number:
+                cur_node = cur_node.mapping[digit]
+                if cur_node.data is not None:
+                    decoded_message.append(cur_node.data)
+                    cur_node = self.root
+        except KeyError:
+            # We have a Huffman-coded string that doesn't match our trie. This
+            # is pretty bad: raise a useful exception.
+            raise HPACKDecodingError("Invalid Huffman-coded string received.")
         return bytes(decoded_message)
 
 

test/test_hyper.py

@@ -12,6 +12,7 @@
     Stream, STATE_HALF_CLOSED_LOCAL, STATE_OPEN, MAX_CHUNK, STATE_CLOSED
 )
 from hyper.http20.response import HTTP20Response
+from hyper.http20.exceptions import HPACKDecodingError
 from hyper.contrib import HTTP20Adapter
 import pytest
 import zlib
@@ -329,6 +330,15 @@ def test_continuation_frame_parses_properly(self):
         assert f.data == b'hello world'
 
 
+class TestHuffmanDecoder(object):
+    def test_huffman_decoder_throws_useful_exceptions(self):
+        # Specify a HuffmanDecoder with no values in it, then attempt to decode
+        # using it.
+        d = HuffmanDecoder([], [])
+        with pytest.raises(HPACKDecodingError):
+            d.decode(b'test')
+
+
 class TestHPACKEncoder(object):
     # These tests are stolen entirely from the IETF specification examples.
     def test_literal_header_field_with_indexing(self):