Issue 41398: cgi module, parse_multipart fails

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/85570

classification

Title:	cgi module, parse_multipart fails
Type:	behavior	Stage:
Components:	Library (Lib)	Versions:	Python 3.8, Python 3.7

process

Status:	open	Resolution:
Dependencies:		Superseder:
Assigned To:		Nosy List:	Jeffrey.Kintscher, Magnus Johnsson, ethan.furman, gvanrossum
Priority:	normal	Keywords:

Created on 2020-07-26 09:58 by Magnus Johnsson, last changed 2022-04-11 14:59 by admin.

Files
File name	Uploaded	Description	Edit
60_Request.txt	Magnus Johnsson, 2020-07-26 09:58	The request that fails.

Messages (5)
msg374307 - (view)	Author: Magnus Johnsson (Magnus Johnsson)	Date: 2020-07-26 09:58
When using the cgi module, parse_multipart fails with the supplied file with the error: Invalid boundary in multipart form: b'' A sample program that demonstrates the error: import cgi f = open("60_Request.txt", "r") print(cgi.parse_multipart(f, {'boundary': b'BgTzK0jM20UH01naJdsmAWUj7sqqeoikGZvh3mo9', 'CONTENT-LENGTH': 3992})) This affects for instance Twisted, and all its dependencies.
msg374374 - (view)	Author: Magnus Johnsson (Magnus Johnsson)	Date: 2020-07-27 12:49
https://github.com/yohanboniface/falcon-multipart/issues/8 It would seem that the same issue pops up elsewhere. We do indeed set the content-type, as per the default examples for unity.
msg374705 - (view)	Author: Guido van Rossum (gvanrossum) *	Date: 2020-08-03 00:31
So per the stackoverflow explanation you shouldn’t do that? Should we close this?
msg374753 - (view)	Author: Magnus Johnsson (Magnus Johnsson)	Date: 2020-08-03 20:10
No, of course not. The request is completely valid. Python's cgi library parses it wrong. The 'resolution' that needs to be done is to fix it in python's source. That, and the libraries that depend on it, like twisted, probably needs to move away from using python's cgi library at all, given the age of this bug. As it stands, we have had to patch 16 separate calls, and will be moving away from the twisted-based server over it anyway, since it seems sketchy. Going to have a peek at the source, but I am a bit hesitant to touch things that have that large a userbase.
msg374757 - (view)	Author: Guido van Rossum (gvanrossum) *	Date: 2020-08-03 21:23
Could you submit a PR then? I don't think I've looked at that module in 20 years.

History
Date	User	Action	Args
2022-04-11 14:59:34	admin	set	github: 85570
2020-08-05 23:33:14	Jeffrey.Kintscher	set	nosy: + Jeffrey.Kintscher
2020-08-03 21:23:52	gvanrossum	set	messages: + msg374757
2020-08-03 20:10:34	Magnus Johnsson	set	messages: + msg374753
2020-08-03 00:31:54	gvanrossum	set	nosy: + gvanrossum messages: + msg374705
2020-07-27 12:49:17	Magnus Johnsson	set	messages: + msg374374
2020-07-26 11:55:16	SilentGhost	set	nosy: + ethan.furman type: behavior components: + Library (Lib)
2020-07-26 09:58:23	Magnus Johnsson	create