Author Marcel Hellkamp
Recipients Marcel Hellkamp
Date 2016-06-13.18:45:31
Discovered here:

If a multipart section has a "Content-Length" header, but no "filename" attribute in the "Content-Disposition" header, cgi.FieldStorage tries to write binary data to a temporary file opened in text-mode.

The problem here is that cgi.FieldStorage tries to decide if something is a binary file-upload or a unicode form-field, but it does so based on two different headers in two different places. If the headers contradict each other (form-fields usually don't have a Content-Length, file-uploads usually have a filename), parsing breaks with a TypeError.

Unfortunately, there are some HTTP client libraries out there that trigger this bug.

Here is what happens:

A "Content-Length" header causes `cgi.FieldStorage.length` to be set (which is fine).

If `length` has a value, `read_binary()` is used instead of `read_lines()` (which is questionable).

`read_binary()` calls `make_file()` which creates the buffer file in text mode if it does not find a `filename` attribute in the "Content-Disposition" Header (which is somewhat okay).

The bug is triggered if the last two steps disagree on the bytes vs. text question.
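Added example (editor's code, not Marcel Hellkamp's and not cgi.py): a miniature multipart/form-data parser that reproduces the decision split described in the report and the hardened variant. `store_like_old_cgi` picks the buffer mode from the `filename` attribute and the bytes-vs-text write path from `Content-Length`, so a part carrying `Content-Length` but no `filename` hits the same `TypeError` (bytes written to a text buffer). `store_payload` lets the `filename` attribute alone decide and only validates `Content-Length`. The sample body, boundary and all function names are constructed for this example; the code deliberately does not import `cgi`, which was deprecated in Python 3.11 and removed in 3.13, so it runs on current interpreters.

```python
import io
from email.parser import BytesHeaderParser

CRLF = b"\r\n"


def split_parts(body, boundary):
    """Split a multipart/form-data body into (headers, payload) pairs.

    headers is an email.message.Message; payload is the raw bytes of the part.
    Per RFC 2046 the delimiter is CRLF "--" boundary, so the CRLF that ends a
    payload belongs to the next delimiter and is not part of the data.
    """
    delimiter = CRLF + b"--" + boundary
    # The very first delimiter has no preceding CRLF; add one so a single split works.
    chunks = (CRLF + body).split(delimiter)
    parts = []
    for chunk in chunks[1:]:                 # chunks[0] is the preamble
        if chunk.startswith(b"--"):          # "--boundary--" closes the body
            break
        if not chunk.startswith(CRLF):
            raise ValueError("garbage after boundary delimiter")
        raw_headers, sep, payload = chunk[2:].partition(CRLF + CRLF)
        if not sep:
            raise ValueError("part has no header/body separator")
        headers = BytesHeaderParser().parsebytes(raw_headers + CRLF + CRLF)
        parts.append((headers, payload))
    return parts


def store_like_old_cgi(headers, payload, charset):
    """Reproduces the split decision this report describes (not cgi.py itself):
    the buffer mode follows the filename attribute, but whether raw bytes or
    decoded text get written into it follows Content-Length."""
    filename = headers.get_param("filename", header="content-disposition")
    buf = io.BytesIO() if filename is not None else io.StringIO()  # make_file()
    if headers.get("Content-Length") is not None:
        buf.write(payload)          # read_binary(): raw bytes; TypeError on a text buffer
    else:                           # read_lines(): decodes when the buffer is text
        buf.write(payload if filename is not None else payload.decode(charset))
    buf.seek(0)
    return buf


def store_payload(headers, payload, charset):
    """Hardened version: the filename attribute alone decides bytes vs. text;
    Content-Length, if present, is only checked against the actual payload."""
    length = headers.get("Content-Length")
    if length is not None and int(length) != len(payload):
        raise ValueError("Content-Length %s does not match %d payload bytes"
                         % (length, len(payload)))
    if headers.get_param("filename", header="content-disposition") is not None:
        buf = io.BytesIO()
        buf.write(payload)
    else:
        buf = io.StringIO()
        buf.write(payload.decode(charset))
    buf.seek(0)
    return buf


def parse_form(body, boundary, store):
    """Map each part's form-field name to the buffer returned by `store`."""
    fields = {}
    for headers, payload in split_parts(body, boundary):
        name = headers.get_param("name", header="content-disposition")
        if name is None:
            raise ValueError("part without a form-field name")
        charset = headers.get_content_charset() or "utf-8"
        fields[name] = store(headers, payload, charset)
    return fields


def parse_or_error(body, boundary, store):
    """Return the parsed fields, or the exception class if parsing fails."""
    try:
        return parse_form(body, boundary, store)
    except (TypeError, ValueError) as exc:
        return type(exc)


# Constructed sample body. Part 1 is the contradictory case from the report:
# Content-Length present, no filename. Part 2 is a normal file upload,
# part 3 a normal text field.
BOUNDARY = b"b0undary"
SAMPLE_BODY = (
    b'--b0undary\r\n'
    b'Content-Disposition: form-data; name="note"\r\n'
    b'Content-Length: 5\r\n'
    b'\r\n'
    b'hello\r\n'
    b'--b0undary\r\n'
    b'Content-Disposition: form-data; name="upload"; filename="blob.bin"\r\n'
    b'Content-Type: application/octet-stream\r\n'
    b'Content-Length: 4\r\n'
    b'\r\n'
    b'\x00\xff\x10\x80\r\n'
    b'--b0undary\r\n'
    b'Content-Disposition: form-data; name="plain"\r\n'
    b'Content-Type: text/plain; charset=utf-8\r\n'
    b'\r\n'
    b'h\xc3\xa9llo\r\n'
    b'--b0undary--\r\n'
)

if __name__ == "__main__":
    print("old logic:", parse_or_error(SAMPLE_BODY, BOUNDARY, store_like_old_cgi))
    for name, buf in parse_form(SAMPLE_BODY, BOUNDARY, store_payload).items():
        print("hardened:", name, repr(buf.read()))
```

Removing the `Content-Length` line from the first part makes `store_like_old_cgi` succeed, which is the point of the report: neither header is wrong on its own, only their combination trips the old logic.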