[issue18167] cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines
Chris AtLee
report at bugs.python.org
Mon Jun 10 17:23:49 CEST 2013
Chris AtLee added the comment:
To demonstrate how to hit this in a real use case, run the attached script which implements a simple http server that saves POSTed files to a local file "got_data". It returns the sha1sum of the POSTed file as the http response.
Then, create a test file consisting of 65,535 null bytes, and submit with curl.
-> % dd if=/dev/zero of=data bs=1 count=65535
65535+0 records in
65535+0 records out
65535 bytes (66 kB) copied, 0.0890487 s, 736 kB/s
-> % sha1sum data
391edab7225a1de662ebc3a1a670a20d8e6a226b data
-> % curl -Fdata=@data http://localhost:8080/
8dd623ef130a8cd3e97086101a6e1255a91fb916%
----------
Added file: http://bugs.python.org/file30529/test_cgi_server.py
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue18167>
_______________________________________
More information about the Python-bugs-list
mailing list