Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data

when \r\n appears at end of 65535 bytes without other newlines.
2013-06-17 16:34:41 +03:00 · 2013-06-17 16:34:41 +03:00 · c7bfe0e42e
parent 8b56292079
commit c7bfe0e42e
3 changed files with 35 additions and 0 deletions
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@ -786,6 +786,9 @@ class FieldStorage:
            if not line:
                self.done = -1
                break
+            if delim == b"\r":
+                line = delim + line
+                delim = b""
            if line.startswith(b"--") and last_line_lfend:
                strippedline = line.rstrip()
                if strippedline == next_boundary:
@ -802,6 +805,12 @@ class FieldStorage:
                delim = b"\n"
                line = line[:-1]
                last_line_lfend = True
+            elif line.endswith(b"\r"):
+                # We may interrupt \r\n sequences if they span the 2**16
+                # byte boundary
+                delim = b"\r"
+                line = line[:-1]
+                last_line_lfend = False
            else:
                delim = b""
                last_line_lfend = False
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@ -256,6 +256,29 @@ class CgiTests(unittest.TestCase):
                    got = getattr(fs.list[x], k)
                    self.assertEqual(got, exp)

+    def test_fieldstorage_multipart_maxline(self):
+        # Issue #18167
+        maxline = 1 << 16
+        self.maxDiff = None
+        def check(content):
+            data = """---123
+Content-Disposition: form-data; name="upload"; filename="fake.txt"
+Content-Type: text/plain
+
+%s
+---123--
+""".replace('\n', '\r\n') % content
+            environ = {
+                'CONTENT_LENGTH':   str(len(data)),
+                'CONTENT_TYPE':     'multipart/form-data; boundary=-123',
+                'REQUEST_METHOD':   'POST',
+            }
+            self.assertEqual(gen_result(data, environ),
+                             {'upload': content.encode('latin1')})
+        check('x' * (maxline - 1))
+        check('x' * (maxline - 1) + '\r')
+        check('x' * (maxline - 1) + '\r' + 'y' * (maxline - 1))
+
    _qs_result = {
        'key1': 'value1',
        'key2': ['value2x', 'value2y'],
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -32,6 +32,9 @@ Core and Builtins
 Library
 -------

+- Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
+  when \r\n appears at end of 65535 bytes without other newlines.
+
 - subprocess: Prevent a possible double close of parent pipe fds when the
  subprocess exec runs into an error.  Prevent a regular multi-close of the
  /dev/null fd when any of stdin, stdout and stderr was set to DEVNULL.