summaryrefslogtreecommitdiffstats
path: root/Lib
diff options
context:
space:
mode:
authorChristian Heimes <christian@cheimes.de>2013-06-17 13:45:11 (GMT)
committerChristian Heimes <christian@cheimes.de>2013-06-17 13:45:11 (GMT)
commit9ce4f36aa1e901cd6d61209b37d18602d1e27cc7 (patch)
treec165a9591001cff7d67e1876471706a83671c89b /Lib
parent9a5395ae2b59b31d74fe3ad9c391d89802939d8c (diff)
parenta5f004fe7d2f53f5e246003e4642353de1617cab (diff)
downloadcpython-9ce4f36aa1e901cd6d61209b37d18602d1e27cc7.zip
cpython-9ce4f36aa1e901cd6d61209b37d18602d1e27cc7.tar.gz
cpython-9ce4f36aa1e901cd6d61209b37d18602d1e27cc7.tar.bz2
merge heads
Diffstat (limited to 'Lib')
-rwxr-xr-xLib/cgi.py9
-rw-r--r--Lib/test/test_cgi.py23
2 files changed, 32 insertions, 0 deletions
diff --git a/Lib/cgi.py b/Lib/cgi.py
index 385a57c..e3cf33e 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -786,6 +786,9 @@ class FieldStorage:
if not line:
self.done = -1
break
+ if delim == b"\r":
+ line = delim + line
+ delim = b""
if line.startswith(b"--") and last_line_lfend:
strippedline = line.rstrip()
if strippedline == next_boundary:
@@ -802,6 +805,12 @@ class FieldStorage:
delim = b"\n"
line = line[:-1]
last_line_lfend = True
+ elif line.endswith(b"\r"):
+ # We may interrupt \r\n sequences if they span the 2**16
+ # byte boundary
+ delim = b"\r"
+ line = line[:-1]
+ last_line_lfend = False
else:
delim = b""
last_line_lfend = False
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index cb28aa8..0a1e8d3 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -256,6 +256,29 @@ class CgiTests(unittest.TestCase):
got = getattr(fs.list[x], k)
self.assertEqual(got, exp)
+ def test_fieldstorage_multipart_maxline(self):
+ # Issue #18167
+ maxline = 1 << 16
+ self.maxDiff = None
+ def check(content):
+ data = """---123
+Content-Disposition: form-data; name="upload"; filename="fake.txt"
+Content-Type: text/plain
+
+%s
+---123--
+""".replace('\n', '\r\n') % content
+ environ = {
+ 'CONTENT_LENGTH': str(len(data)),
+ 'CONTENT_TYPE': 'multipart/form-data; boundary=-123',
+ 'REQUEST_METHOD': 'POST',
+ }
+ self.assertEqual(gen_result(data, environ),
+ {'upload': content.encode('latin1')})
+ check('x' * (maxline - 1))
+ check('x' * (maxline - 1) + '\r')
+ check('x' * (maxline - 1) + '\r' + 'y' * (maxline - 1))
+
_qs_result = {
'key1': 'value1',
'key2': ['value2x', 'value2y'],