bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)

https://bugs.python.org/issue35028

bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973)
https://bugs.python.org/issue35028
b79b5c09 · matthewbelisle-wf · Miss Islington (bot) · b7d62050 · b79b5c09 · b79b5c09
Commit b79b5c09 authored Oct 23, 2018 by matthewbelisle-wf Committed by Miss Islington (bot) Oct 23, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 18 deletions

Lib/cgi.py Lib/cgi.py +12 -11

Lib/test/test_cgi.py Lib/test/test_cgi.py +12 -7

No files found.
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -618,6 +618,11 @@ class FieldStorage:
            first_line = self.fp.readline()
            self.bytes_read += len(first_line)
+        # Propagate max_num_fields into the sub class appropriately
+        max_num_fields = self.max_num_fields
+        if max_num_fields is not None:
+            max_num_fields -= len(self.list)
        while True:
            parser = FeedParser()
            hdr_text = b""
@@ -637,23 +642,19 @@ class FieldStorage:
            if 'content-length' in headers:
                del headers['content-length']
-            # Propagate max_num_fields into the sub class appropriately
-            sub_max_num_fields = self.max_num_fields
-            if sub_max_num_fields is not None:
-                sub_max_num_fields -= len(self.list)
            part = klass(self.fp, headers, ib, environ, keep_blank_values,
                         strict_parsing,self.limit-self.bytes_read,
-                         self.encoding, self.errors, sub_max_num_fields)
+                         self.encoding, self.errors, max_num_fields)
-            max_num_fields = self.max_num_fields
+            if max_num_fields is not None:
-            if max_num_fields is not None and part.list:
+                max_num_fields -= 1
-                max_num_fields -= len(part.list)
+                if part.list:
+                    max_num_fields -= len(part.list)
+                if max_num_fields < 0:
+                    raise ValueError('Max number of fields exceeded')
            self.bytes_read += part.bytes_read
            self.list.append(part)
-            if max_num_fields is not None and max_num_fields < len(self.list):
-                raise ValueError('Max number of fields exceeded')
            if part.done or self.bytes_read >= self.length > 0:
                break
        self.skip_lines()

--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -401,33 +401,38 @@ Larry
        data = """---123
 Content-Disposition: form-data; name="a"
-a
+3
 ---123
 Content-Type: application/x-www-form-urlencoded
-a=a&a=a
+a=4
+---123
+Content-Type: application/x-www-form-urlencoded
+a=5
 ---123--
 """
        environ = {
            'CONTENT_LENGTH':   str(len(data)),
            'CONTENT_TYPE':     'multipart/form-data; boundary=-123',
-            'QUERY_STRING':     'a=a&a=a',
+            'QUERY_STRING':     'a=1&a=2',
            'REQUEST_METHOD':   'POST',
        }
        # 2 GET entities
-        # 2 top level POST entities
+        # 1 top level POST entities
-        # 2 entities within the second POST entity
+        # 1 entity within the second POST entity
+        # 1 entity within the third POST entity
        with self.assertRaises(ValueError):
            cgi.FieldStorage(
                fp=BytesIO(data.encode()),
                environ=environ,
-                max_num_fields=5,
+                max_num_fields=4,
            )
        cgi.FieldStorage(
            fp=BytesIO(data.encode()),
            environ=environ,
-            max_num_fields=6,
+            max_num_fields=5,
        )
    def testQSAndFormData(self):