Message 210166 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	srittau
Recipients	srittau
Date	2014-02-03.21:33:18
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1391463199.17.0.394387661768.issue20504@psf.upfronthosting.co.za>
In-reply-to

Content
Consider the attached test case. This test will run fine with Python 2.7, but will fail with Python 3.3. If cgi.FieldStorage() tries to parse a multipart request without a Content-Length header in the main section, segments will have a length of 0. During the parse process, two instances of FieldStorage are involved. The outer one reads the whole request and creates and delegates reading of the fragment to inner instances. The main problem is that FieldStorage.read_lines_to_outerboundary() of the inner FieldStorage will read nothing, since self.limit is lower than zero. def read_lines_to_outerboundary(self): ... while 1: if _read >= self.limit: break ... This happens, since limit is passed when creating the inner instance in FieldStorage.read_multi(): def read_multi(self, environ, keep_blank_values, strict_parsing): ... part = klass(self.fp, headers, ib, environ, keep_blank_values, strict_parsing,self.limit-self.bytes_read, self.encoding, self.errors) ... Now, if the total request did not have a Content-Length header, self.limit will be -1. The naive fix works for the test case, at least, but I don't know if there are other repercussions: --- /usr/lib/python3.3/cgi.py 2014-02-03 22:31:16.649431125 +0100 +++ cgi.py 2014-02-03 22:32:14.849704379 +0100 @@ -788,7 +788,7 @@ last_line_lfend = True _read = 0 while 1: - if _read >= self.limit: + if self.limit >= 0 and _read >= self.limit: break line = self.fp.readline(1<<16) # bytes self.bytes_read += len(line)

Consider the attached test case. This test will run fine with Python 2.7, but will fail with Python 3.3. If cgi.FieldStorage() tries to parse a multipart request without a Content-Length header in the main section, segments will have a length of 0.

During the parse process, two instances of FieldStorage are involved. The outer one reads the whole request and creates and delegates reading of the fragment to inner instances.

The main problem is that FieldStorage.read_lines_to_outerboundary() of the inner FieldStorage will read nothing, since self.limit is lower than zero.

    def read_lines_to_outerboundary(self):
        ...
        while 1:
            if _read >= self.limit:
                break
        ...

This happens, since limit is passed when creating the inner instance in FieldStorage.read_multi():

    def read_multi(self, environ, keep_blank_values, strict_parsing):
        ...
            part = klass(self.fp, headers, ib, environ, keep_blank_values,
                         strict_parsing,self.limit-self.bytes_read,
                         self.encoding, self.errors)
        ...

Now, if the total request did not have a Content-Length header, self.limit will be -1.

The naive fix works for the test case, at least, but I don't know if there are other repercussions:

--- /usr/lib/python3.3/cgi.py	2014-02-03 22:31:16.649431125 +0100
+++ cgi.py	2014-02-03 22:32:14.849704379 +0100
@@ -788,7 +788,7 @@
         last_line_lfend = True
         _read = 0
         while 1:
-            if _read >= self.limit:
+            if self.limit >= 0 and _read >= self.limit:
                 break
             line = self.fp.readline(1<<16) # bytes
             self.bytes_read += len(line)

History
Date	User	Action	Args
2014-02-03 21:33:19	srittau	set	recipients: + srittau
2014-02-03 21:33:19	srittau	set	messageid: <1391463199.17.0.394387661768.issue20504@psf.upfronthosting.co.za>
2014-02-03 21:33:19	srittau	link	issue20504 messages
2014-02-03 21:33:19	srittau	create