Closes #23801 - Ignore entire preamble to multipart in cgi.FieldStorage

author: Donald Stufft <donald@stufft.io> 2015-03-29 20:43:23 (GMT)
committer: Donald Stufft <donald@stufft.io> 2015-03-29 20:43:23 (GMT)
commit: d90f8d10e088657593fa753ecacab95845d378aa (patch)
tree: 826e1017d337826a9b6818539d954ca4c1332c2b /Lib/cgi.py
parent: 1058cda38f1b409c4d52eef236f4915df592a112 (diff)
download: cpython-d90f8d10e088657593fa753ecacab95845d378aa.zip
cpython-d90f8d10e088657593fa753ecacab95845d378aa.tar.gz
cpython-d90f8d10e088657593fa753ecacab95845d378aa.tar.bz2
1 files changed, 7 insertions, 2 deletions
diff --git a/Lib/cgi.py b/Lib/cgi.py
index 1ef780c..6959c9e 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -693,8 +693,13 @@ class FieldStorage:
             raise ValueError("%s should return bytes, got %s" \
                              % (self.fp, type(first_line).__name__))
         self.bytes_read += len(first_line)
-        # first line holds boundary ; ignore it, or check that
-        # b"--" + ib == first_line.strip() ?
+
+        # Ensure that we consume the file until we've hit our inner boundary
+        while (first_line.strip() != (b"--" + self.innerboundary) and
+                first_line):
+            first_line = self.fp.readline()
+            self.bytes_read += len(first_line)
+
         while True:
             parser = FeedParser()
             hdr_text = b""
author	Donald Stufft <donald@stufft.io>	2015-03-29 20:43:23 (GMT)
committer	Donald Stufft <donald@stufft.io>	2015-03-29 20:43:23 (GMT)
commit	d90f8d10e088657593fa753ecacab95845d378aa (patch)
tree	826e1017d337826a9b6818539d954ca4c1332c2b /Lib/cgi.py
parent	1058cda38f1b409c4d52eef236f4915df592a112 (diff)
download	cpython-d90f8d10e088657593fa753ecacab95845d378aa.zip cpython-d90f8d10e088657593fa753ecacab95845d378aa.tar.gz cpython-d90f8d10e088657593fa753ecacab95845d378aa.tar.bz2