Commit 2e441f78 authored by Guido van Rossum's avatar Guido van Rossum

Fix a denial-of-service attack, SF bug #443120.

Code by Evan Simpson.
parent 7cf7e7e5
...@@ -243,10 +243,13 @@ def parse_multipart(fp, pdict): ...@@ -243,10 +243,13 @@ def parse_multipart(fp, pdict):
point in having two implementations of the same parsing algorithm. point in having two implementations of the same parsing algorithm.
""" """
boundary = ""
if pdict.has_key('boundary'): if pdict.has_key('boundary'):
boundary = pdict['boundary'] boundary = pdict['boundary']
else: if not valid_boundary(boundary):
boundary = "" raise ValueError, ('Invalid boundary in multipart form: %s'
% `ib`)
nextpart = "--" + boundary nextpart = "--" + boundary
lastpart = "--" + boundary + "--" lastpart = "--" + boundary + "--"
partdict = {} partdict = {}
...@@ -595,14 +598,18 @@ class FieldStorage: ...@@ -595,14 +598,18 @@ class FieldStorage:
def read_multi(self, environ, keep_blank_values, strict_parsing): def read_multi(self, environ, keep_blank_values, strict_parsing):
"""Internal: read a part that is itself multipart.""" """Internal: read a part that is itself multipart."""
ib = self.innerboundary
if not valid_boundary(ib):
raise ValueError, ('Invalid boundary in multipart form: %s'
% `ib`)
self.list = [] self.list = []
klass = self.FieldStorageClass or self.__class__ klass = self.FieldStorageClass or self.__class__
part = klass(self.fp, {}, self.innerboundary, part = klass(self.fp, {}, ib,
environ, keep_blank_values, strict_parsing) environ, keep_blank_values, strict_parsing)
# Throw first part away # Throw first part away
while not part.done: while not part.done:
headers = rfc822.Message(self.fp) headers = rfc822.Message(self.fp)
part = klass(self.fp, headers, self.innerboundary, part = klass(self.fp, headers, ib,
environ, keep_blank_values, strict_parsing) environ, keep_blank_values, strict_parsing)
self.list.append(part) self.list.append(part)
self.skip_lines() self.skip_lines()
...@@ -999,6 +1006,9 @@ def escape(s, quote=None): ...@@ -999,6 +1006,9 @@ def escape(s, quote=None):
s = s.replace('"', """) s = s.replace('"', """)
return s return s
def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"):
import re
return re.match(_vb_pattern, s)
# Invoke mainline # Invoke mainline
# =============== # ===============
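Review bot: In parse_multipart the new `raise ValueError` interpolates `ib`, but that name is never bound in this function (the local is `boundary`), so an invalid boundary raises NameError instead of the intended ValueError and any caller catching ValueError will not see it; the identical line in FieldStorage.read_multi is fine because `ib = self.innerboundary` is assigned just above it. The one-word fix is `% `boundary``. The denial-of-service is still blocked either way, since both exceptions abort before the read loop starts, but the exception type is part of the function's contract and the message is never produced as written. A secondary nit in valid_boundary: `$` also matches before a trailing newline, so `valid_boundary("abc\n")` is truthy; `\Z` would make the end anchor strict. parse_multipart's body continues outside the hunk.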