bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)

https://bugs.python.org/issue35028
author: matthewbelisle-wf <matthew.belisle@workiva.com> 2018-10-23 08:14:35 (GMT)
committer: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> 2018-10-23 08:14:35 (GMT)
commit: b79b5c09493e98374e48fa122d82dab528fc6e72 (patch)
tree: 6ade2e36fa33a07aee88cbcec162c8f885e18a81 /Lib/cgi.py
parent: b7d62050e7d5fc208ae7673613da4f1f2bc565c4 (diff)
download: cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.zip
cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.tar.gz
cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.tar.bz2
1 files changed, 12 insertions, 11 deletions
diff --git a/Lib/cgi.py b/Lib/cgi.py
index adf4dcb..b96bd1f 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -618,6 +618,11 @@ class FieldStorage:
             first_line = self.fp.readline()
             self.bytes_read += len(first_line)
 
+        # Propagate max_num_fields into the sub class appropriately
+        max_num_fields = self.max_num_fields
+        if max_num_fields is not None:
+            max_num_fields -= len(self.list)
+
         while True:
             parser = FeedParser()
             hdr_text = b""
@@ -637,23 +642,19 @@ class FieldStorage:
             if 'content-length' in headers:
                 del headers['content-length']
 
-            # Propagate max_num_fields into the sub class appropriately
-            sub_max_num_fields = self.max_num_fields
-            if sub_max_num_fields is not None:
-                sub_max_num_fields -= len(self.list)
-
             part = klass(self.fp, headers, ib, environ, keep_blank_values,
                          strict_parsing,self.limit-self.bytes_read,
-                         self.encoding, self.errors, sub_max_num_fields)
+                         self.encoding, self.errors, max_num_fields)
 
-            max_num_fields = self.max_num_fields
-            if max_num_fields is not None and part.list:
-                max_num_fields -= len(part.list)
+            if max_num_fields is not None:
+                max_num_fields -= 1
+                if part.list:
+                    max_num_fields -= len(part.list)
+                if max_num_fields < 0:
+                    raise ValueError('Max number of fields exceeded')
 
             self.bytes_read += part.bytes_read
             self.list.append(part)
-            if max_num_fields is not None and max_num_fields < len(self.list):
-                raise ValueError('Max number of fields exceeded')
             if part.done or self.bytes_read >= self.length > 0:
                 break
         self.skip_lines()
author	matthewbelisle-wf <matthew.belisle@workiva.com>	2018-10-23 08:14:35 (GMT)
committer	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	2018-10-23 08:14:35 (GMT)
commit	b79b5c09493e98374e48fa122d82dab528fc6e72 (patch)
tree	6ade2e36fa33a07aee88cbcec162c8f885e18a81 /Lib/cgi.py
parent	b7d62050e7d5fc208ae7673613da4f1f2bc565c4 (diff)
download	cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.zip cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.tar.gz cpython-b79b5c09493e98374e48fa122d82dab528fc6e72.tar.bz2