Message268460
Discovered here: https://github.com/bottlepy/bottle/issues/856
If a multipart section has a "Content-Length" header, but no "filename" attribute in the "Content-Disposition" header, cgi.FieldStorage tries to write binary data to a temporary file opened in text-mode.
The problem here is that cgi.FieldStorage tries to decide if something is a binary file-upload or a unicode form-field, but it does so based on two different headers in two different places. If the headers contradict each other (form-fields usually don't have a Content-Length, file-uploads usually have a filename), parsing breaks with a TypeError.
Unfortunately, there are some HTTP client libraries out there that trigger this bug.
Here is what happens:
A "Content-Length" header causes `cgi.FieldStorage.length` to be is set (which is fine).
https://hg.python.org/cpython/file/3.4/Lib/cgi.py#l550
If `length` has a value, `read_binary()` is used instead of `read_lines()` (which is questionable).
https://hg.python.org/cpython/file/3.4/Lib/cgi.py#l733
`read_binary()` calls `make_file()` which creates the buffer file in text mode if it does not find a `filename` attribute in the "Content-Disposition" Header (which is somewhat okay).
https://hg.python.org/cpython/file/3.4/Lib/cgi.py#l515
https://hg.python.org/cpython/file/3.4/Lib/cgi.py#l893
The bug is triggered if the last two steps disagree on the bytes vs. text question. |
|
Date |
User |
Action |
Args |
2016-06-13 18:45:31 | Marcel Hellkamp | set | recipients:
+ Marcel Hellkamp |
2016-06-13 18:45:31 | Marcel Hellkamp | set | messageid: <1465843531.5.0.166620691183.issue27308@psf.upfronthosting.co.za> |
2016-06-13 18:45:31 | Marcel Hellkamp | link | issue27308 messages |
2016-06-13 18:45:31 | Marcel Hellkamp | create | |
|