Chris McDonough's patch to defend against certain DoS attacks on FieldStorage.

SF bug #1112549.
2025-10-27 11:44:39 +00:00 · 2006-08-10 17:41:07 +00:00 · 2006-08-10 17:41:07 +00:00 · 9568b738ec
commit 9568b738ec
parent cd3d8bee02
3 changed files with 86 additions and 5 deletions
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@ -251,6 +251,10 @@ def parse_multipart(fp, pdict):

    XXX This should really be subsumed by FieldStorage altogether -- no
    point in having two implementations of the same parsing algorithm.
+    Also, FieldStorage protects itself better against certain DoS attacks
+    by limiting the size of the data read in one chunk.  The API here
+    does not support that kind of protection.  This also affects parse()
+    since it can call parse_multipart().

    """
    boundary = ""
@ -699,7 +703,7 @@ def __write(self, line):
    def read_lines_to_eof(self):
        """Internal: read lines until EOF."""
        while 1:
-            line = self.fp.readline()
+            line = self.fp.readline(1<<16)
            if not line:
                self.done = -1
                break
@ -710,12 +714,13 @@ def read_lines_to_outerboundary(self):
        next = "--" + self.outerboundary
        last = next + "--"
        delim = ""
+        last_line_lfend = True
        while 1:
-            line = self.fp.readline()
+            line = self.fp.readline(1<<16)
            if not line:
                self.done = -1
                break
-            if line[:2] == "--":
+            if line[:2] == "--" and last_line_lfend:
                strippedline = line.strip()
                if strippedline == next:
                    break
@ -726,11 +731,14 @@ def read_lines_to_outerboundary(self):
            if line[-2:] == "\r\n":
                delim = "\r\n"
                line = line[:-2]
+                last_line_lfend = True
            elif line[-1] == "\n":
                delim = "\n"
                line = line[:-1]
+                last_line_lfend = True
            else:
                delim = ""
+                last_line_lfend = False
            self.__write(odelim + line)

    def skip_lines(self):
@ -739,18 +747,20 @@ def skip_lines(self):
            return
        next = "--" + self.outerboundary
        last = next + "--"
+        last_line_lfend = True
        while 1:
-            line = self.fp.readline()
+            line = self.fp.readline(1<<16)
            if not line:
                self.done = -1
                break
-            if line[:2] == "--":
+            if line[:2] == "--" and last_line_lfend:
                strippedline = line.strip()
                if strippedline == next:
                    break
                if strippedline == last:
                    self.done = 1
                    break
+            last_line_lfend = line.endswith('\n')

    def make_file(self, binary=None):
        """Overridable: return a readable & writable file.