Chris McDonough's patch to defend against certain DoS attacks on FieldStorage.

SF bug #1112549.
author: Guido van Rossum <guido@python.org> 2006-08-10 17:41:07 (GMT)
committer: Guido van Rossum <guido@python.org> 2006-08-10 17:41:07 (GMT)
commit: 9568b738ec3f52f1e82501e943ba9d67b77aa32a (patch)
tree: 42ebc96bd35759551668e167ad326fd73ae9ebcf /Lib/cgi.py
parent: cd3d8bee022cda55c43c2130122d092f5059d115 (diff)
download: cpython-9568b738ec3f52f1e82501e943ba9d67b77aa32a.zip
cpython-9568b738ec3f52f1e82501e943ba9d67b77aa32a.tar.gz
cpython-9568b738ec3f52f1e82501e943ba9d67b77aa32a.tar.bz2
1 files changed, 15 insertions, 5 deletions
diff --git a/Lib/cgi.py b/Lib/cgi.py
index 41dc433..f31938b 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -251,6 +251,10 @@ def parse_multipart(fp, pdict):
 
     XXX This should really be subsumed by FieldStorage altogether -- no
     point in having two implementations of the same parsing algorithm.
+    Also, FieldStorage protects itself better against certain DoS attacks
+    by limiting the size of the data read in one chunk.  The API here
+    does not support that kind of protection.  This also affects parse()
+    since it can call parse_multipart().
 
     """
     boundary = ""
@@ -699,7 +703,7 @@ class FieldStorage:
     def read_lines_to_eof(self):
         """Internal: read lines until EOF."""
         while 1:
-            line = self.fp.readline()
+            line = self.fp.readline(1<<16)
             if not line:
                 self.done = -1
                 break
@@ -710,12 +714,13 @@ class FieldStorage:
         next = "--" + self.outerboundary
         last = next + "--"
         delim = ""
+        last_line_lfend = True
         while 1:
-            line = self.fp.readline()
+            line = self.fp.readline(1<<16)
             if not line:
                 self.done = -1
                 break
-            if line[:2] == "--":
+            if line[:2] == "--" and last_line_lfend:
                 strippedline = line.strip()
                 if strippedline == next:
                     break
@@ -726,11 +731,14 @@ class FieldStorage:
             if line[-2:] == "\r\n":
                 delim = "\r\n"
                 line = line[:-2]
+                last_line_lfend = True
             elif line[-1] == "\n":
                 delim = "\n"
                 line = line[:-1]
+                last_line_lfend = True
             else:
                 delim = ""
+                last_line_lfend = False
             self.__write(odelim + line)
 
     def skip_lines(self):
@@ -739,18 +747,20 @@ class FieldStorage:
             return
         next = "--" + self.outerboundary
         last = next + "--"
+        last_line_lfend = True
         while 1:
-            line = self.fp.readline()
+            line = self.fp.readline(1<<16)
             if not line:
                 self.done = -1
                 break
-            if line[:2] == "--":
+            if line[:2] == "--" and last_line_lfend:
                 strippedline = line.strip()
                 if strippedline == next:
                     break
                 if strippedline == last:
                     self.done = 1
                     break
+            last_line_lfend = line.endswith('\n')
 
     def make_file(self, binary=None):
         """Overridable: return a readable & writable file.
author	Guido van Rossum <guido@python.org>	2006-08-10 17:41:07 (GMT)
committer	Guido van Rossum <guido@python.org>	2006-08-10 17:41:07 (GMT)
commit	9568b738ec3f52f1e82501e943ba9d67b77aa32a (patch)
tree	42ebc96bd35759551668e167ad326fd73ae9ebcf /Lib/cgi.py
parent	cd3d8bee022cda55c43c2130122d092f5059d115 (diff)
download	cpython-9568b738ec3f52f1e82501e943ba9d67b77aa32a.zip cpython-9568b738ec3f52f1e82501e943ba9d67b77aa32a.tar.gz cpython-9568b738ec3f52f1e82501e943ba9d67b77aa32a.tar.bz2