mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-30 13:38:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)

Browse source 
https://bugs.python.org/issue35028
This commit is contained in:
matthewbelisle-wf 2018-10-23 03:14:35 -05:00 committed by Miss Islington (bot)
parent b7d62050e7
commit b79b5c0949
2 changed files with 24 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

23
Lib/cgi.py
View file

@ -618,6 +618,11 @@ class FieldStorage:
first_line = self.fp.readline() first_line = self.fp.readline()
self.bytes_read += len(first_line) self.bytes_read += len(first_line)
# Propagate max_num_fields into the sub class appropriately
max_num_fields = self.max_num_fields
if max_num_fields is not None:
max_num_fields -= len(self.list)
while True: while True:
parser = FeedParser() parser = FeedParser()
hdr_text = b"" hdr_text = b""
@ -637,23 +642,19 @@ class FieldStorage:
if 'content-length' in headers: if 'content-length' in headers:
del headers['content-length'] del headers['content-length']
# Propagate max_num_fields into the sub class appropriately
sub_max_num_fields = self.max_num_fields
if sub_max_num_fields is not None:
sub_max_num_fields -= len(self.list)
part = klass(self.fp, headers, ib, environ, keep_blank_values, part = klass(self.fp, headers, ib, environ, keep_blank_values,
strict_parsing,self.limit-self.bytes_read, strict_parsing,self.limit-self.bytes_read,
self.encoding, self.errors, sub_max_num_fields) self.encoding, self.errors, max_num_fields)
max_num_fields = self.max_num_fields if max_num_fields is not None:
if max_num_fields is not None and part.list: max_num_fields -= 1
max_num_fields -= len(part.list) if part.list:
max_num_fields -= len(part.list)
if max_num_fields < 0:
raise ValueError('Max number of fields exceeded')
self.bytes_read += part.bytes_read self.bytes_read += part.bytes_read
self.list.append(part) self.list.append(part)
if max_num_fields is not None and max_num_fields < len(self.list):
raise ValueError('Max number of fields exceeded')
if part.done or self.bytes_read >= self.length > 0: if part.done or self.bytes_read >= self.length > 0:
break break
self.skip_lines() self.skip_lines()

19
Lib/test/test_cgi.py
View file

@ -401,33 +401,38 @@ Larry
data = """---123 data = """---123
Content-Disposition: form-data; name="a" Content-Disposition: form-data; name="a"
a 3
---123 ---123
Content-Type: application/x-www-form-urlencoded Content-Type: application/x-www-form-urlencoded
a=a&a=a a=4
---123
Content-Type: application/x-www-form-urlencoded
a=5
---123-- ---123--
""" """
environ = { environ = {
'CONTENT_LENGTH': str(len(data)), 'CONTENT_LENGTH': str(len(data)),
'CONTENT_TYPE': 'multipart/form-data; boundary=-123', 'CONTENT_TYPE': 'multipart/form-data; boundary=-123',
'QUERY_STRING': 'a=a&a=a', 'QUERY_STRING': 'a=1&a=2',
'REQUEST_METHOD': 'POST', 'REQUEST_METHOD': 'POST',
} }
# 2 GET entities # 2 GET entities
# 2 top level POST entities # 1 top level POST entities
# 2 entities within the second POST entity # 1 entity within the second POST entity
# 1 entity within the third POST entity
with self.assertRaises(ValueError): with self.assertRaises(ValueError):
cgi.FieldStorage( cgi.FieldStorage(
fp=BytesIO(data.encode()), fp=BytesIO(data.encode()),
environ=environ, environ=environ,
max_num_fields=5, max_num_fields=4,
) )
cgi.FieldStorage( cgi.FieldStorage(
fp=BytesIO(data.encode()), fp=BytesIO(data.encode()),
environ=environ, environ=environ,
max_num_fields=6, max_num_fields=5,
) )
def testQSAndFormData(self): def testQSAndFormData(self):