[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Roundup Robot]

Roundup Robot added the comment:

New changeset 63058453a4cc by Serhiy Storchaka in branch '2.7':
Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
http://hg.python.org/cpython/rev/63058453a4cc

New changeset a48f65bac986 by Serhiy Storchaka in branch '3.3':
Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
http://hg.python.org/cpython/rev/a48f65bac986

New changeset 17ec73a3a854 by Serhiy Storchaka in branch 'default':
Issue #18167: cgi.FieldStorage no more fails to handle multipart/form-data
http://hg.python.org/cpython/rev/17ec73a3a854

--
nosy: +python-dev

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Serhiy Storchaka]

Changes by Serhiy Storchaka storch...@gmail.com:


--
resolution:  - fixed
stage: patch review - committed/rejected
status: open - closed

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Rail Aliiev]

Changes by Rail Aliiev r...@iqchoice.com:


--
nosy: +rail

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Chris AtLee]

Chris AtLee added the comment:

Thanks, your patch is definitely much simpler!

I was worried about the case where you have interrupted \r\n that appears in 
the middle of the content. But that case is handled by the next readline(), 
which returns a single \n.

One question about the tests you've attached - would it be better to be 
explicit about the line endings in check()? Do triple quoted strings in python 
always use \n for EOL regardless of the source code EOL format?

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Serhiy Storchaka]

Serhiy Storchaka added the comment:

 Do triple quoted strings in python always use \n for EOL regardless of the 
 source code EOL format?

Python parser always interprets EOL as \n in string literals.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Serhiy Storchaka]

Changes by Serhiy Storchaka storch...@gmail.com:


--
stage:  - patch review

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Serhiy Storchaka]

Changes by Serhiy Storchaka storch...@gmail.com:


--
versions: +Python 3.3, Python 3.4
Added file: http://bugs.python.org/file30554/issue18167-3.3.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Serhiy Storchaka]

Serhiy Storchaka added the comment:

Thank you for your report, but your patch looks overcomplicated, it fails on 
'x'*65535+'\r'+'y'*65535 and hangs on 'x'*65535+'\r'.

Here is a simpler patch with tests.

--
assignee:  - serhiy.storchaka
nosy: +serhiy.storchaka
Added file: http://bugs.python.org/file30553/issue18167-2.7.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Ben Hearsum]

Changes by Ben Hearsum bhear...@gmail.com:


--
nosy: +Ben.Hearsum

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Chris AtLee]

Chris AtLee added the comment:

To demonstrate how to hit this in a real use case, run the attached script 
which implements a simple http server that saves POSTed files to a local file 
got_data. It returns the sha1sum of the POSTed file as the http response.

Then, create a test file consisting of 65,535 null bytes, and submit with curl.

- % dd if=/dev/zero of=data bs=1 count=65535   

65535+0 records in
65535+0 records out
65535 bytes (66 kB) copied, 0.0890487 s, 736 kB/s

- % sha1sum data
391edab7225a1de662ebc3a1a670a20d8e6a226b  data

- % curl -Fdata=@data http://localhost:8080/
8dd623ef130a8cd3e97086101a6e1255a91fb916%

--
Added file: http://bugs.python.org/file30529/test_cgi_server.py

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Florent Xicluna]

Changes by Florent Xicluna florent.xicl...@gmail.com:


--
nosy: +flox

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Chris AtLee]

New submission from Chris AtLee:

cgi.FieldStorage uses fp.readline(1  16) to read in POSTed file data if no 
content length has been specified. All HTTP clients I've looked at terminate 
the file body with CRLF and then the final MIME boundary. If the file body is 
65,535 bytes, and doesn't contain \n or \r\n, then fp.readline(1  16) will 
return the original 65,535 bytes of the file plus the \r from the final \r\n 
sequence before the final boundary string. Since \r isn't considered a line 
ending, it gets considered as part of the POSTed file data, and you end up with 
an extra \r at the end of the file data.

--
components: Library (Lib)
files: cgi-test-cpython.patch
keywords: patch
messages: 190784
nosy: catlee
priority: normal
severity: normal
status: open
title: cgi.FieldStorage fails to handle multipart/form-data when \r\n appears 
at end of 65535 bytes without other newlines
type: behavior
versions: Python 2.7
Added file: http://bugs.python.org/file30502/cgi-test-cpython.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Chris AtLee]

Chris AtLee added the comment:

This is a possible fix to this issue. It's not as clean as I'd like, but the 
simpler versions I tried could end up with the entire file contents in memory 
for degenerate (or malicious) inputs.

The trick is handling the case where the current line ends with \r. We can't 
know if this is just a normal character in the file, or represents the end of a 
line until we see the start of the next line.

--
Added file: http://bugs.python.org/file30503/cgi-cpython.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines

[Senthil Kumaran]

Changes by Senthil Kumaran sent...@uthcode.com:


--
nosy: +orsenthil

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18167
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com