On Aug 28, 7:58 pm, "david b." <db.pub.m...@gmail.com> wrote:
> Ok so I was looking through the code and I saw this (in
> django/core/files/uploadhandler.py):
>
>     FileUploadHandler
>     ...
>
>         def new_file(self, field_name, file_name, content_type,
>                      content_length, charset=None):
>             """
>             Signal that a new file has been started.
>
>             Warning: As with any data from the client, you should not trust
>             content_length (and sometimes won't even get it).
>             """
>
> So the content_length we control, right? Maybe I missed something, but
> ... I can say I want to upload a small file, then upload a file that
> triggers an OOM condition / uses a lot of memory, no? ...
>
> And then this.
>
>     class MemoryFileUploadHandler(FileUploadHandler):
>         """
>         File upload handler to stream uploads into memory (used for small
>         files).
>         """
>
>         def handle_raw_input(self, input_data, META, content_length,
>                              boundary, encoding=None):
>             """
>             Use the content_length to signal whether or not this handler
>             should be in use.
>             """
>             # Check the content-length header to see if we should
>             # If the post is too large, we cannot use the Memory handler.
>             if content_length > settings.FILE_UPLOAD_MAX_MEMORY_SIZE:
>                 self.activated = False
>             else:
>                 self.activated = True
>
>         def new_file(self, *args, **kwargs):
>             super(MemoryFileUploadHandler, self).new_file(*args, **kwargs)
>             if self.activated:
>                 self.file = StringIO()
>                 raise StopFutureHandlers()
>
>         def receive_data_chunk(self, raw_data, start):
>             """
>             Add the data to the StringIO file.
>             """
>             if self.activated:
>                 self.file.write(raw_data)
>             else:
>                 return raw_data
>
>         def file_complete(self, file_size):
>             """
>             Return a file object if we're activated.
>             """
>             if not self.activated:
>                 return
>
>             self.file.seek(0)
>             return InMemoryUploadedFile(
>                 file = self.file,
>                 field_name = self.field_name,
>                 name = self.file_name,
>                 content_type = self.content_type,
>                 size = file_size,
>
> There is a regression test for this BUT --> in the test suite there
> is # A small file (under the 5M quota)
> which is governed by
> (django/tests/regressiontests/file_uploads/uploadhandler.py)
>
>     def receive_data_chunk(self, raw_data, start):
>         self.total_upload += len(raw_data)
>         if self.total_upload >= self.QUOTA:
>             raise StopUpload(connection_reset=True)
>         return raw_data
>
> So obviously my proposed attack is to simply say "content length is
> tiny" and "this file is actually HUGE".
> I hope I missed something :) I don't really want this to occur ...
A decent web server such as Apache (under mod_wsgi) will stop reading the
original content at the content length specified in the request. Thus it is
not possible to force more than content length down to the application level.

Graham

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
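The two messages above describe the same scenario from opposite sides: the upload handler trusts the client-supplied Content-Length when it picks the in-memory path, and the server caps how much body the application can ever read at that same Content-Length. The following Python is an added illustration of that interaction, written for this page; it is not Django's, mod_wsgi's or either poster's code. The class name LimitedStream, the 2.5 MB memory threshold standing in for settings.FILE_UPLOAD_MAX_MEMORY_SIZE, and the 10 MB constructed body are all assumptions made for the example. The naive_receive function models an application behind a server that does not enforce the limit (the attack as david describes it); limited_receive models the behaviour Graham describes.

```python
import io

# Stand-in for settings.FILE_UPLOAD_MAX_MEMORY_SIZE; 2.5 MB is assumed here.
MAX_MEMORY_SIZE = 2_621_440


class LimitedStream:
    """Wrap the raw request body and refuse to hand out more than the
    declared Content-Length bytes. This models, in plain Python, the
    capping Graham attributes to Apache/mod_wsgi (illustrative code,
    not mod_wsgi's own)."""

    def __init__(self, raw, limit):
        self.raw = raw
        self.remaining = max(limit, 0)

    def read(self, size=-1):
        if self.remaining <= 0:
            return b""
        if size < 0 or size > self.remaining:
            size = self.remaining
        data = self.raw.read(size)
        self.remaining -= len(data)
        return data


def choose_handler(content_length):
    """Mirror MemoryFileUploadHandler.handle_raw_input: the client-supplied
    Content-Length alone decides whether the upload is buffered in memory."""
    return "memory" if content_length <= MAX_MEMORY_SIZE else "temporary_file"


def declared_length(environ):
    # Missing header -> 0; a negative value is a malformed request.
    length = int(environ.get("CONTENT_LENGTH") or 0)
    if length < 0:
        raise ValueError("negative Content-Length")
    return length


def naive_receive(environ, chunk_size=64 * 1024):
    """Vulnerable variant: trusts Content-Length to pick the handler, then
    reads wsgi.input to EOF. Behind a server that does not cap the body,
    a 'tiny' Content-Length plus a huge body lands the whole body in RAM."""
    handler = choose_handler(declared_length(environ))
    buf = io.BytesIO()
    while True:
        chunk = environ["wsgi.input"].read(chunk_size)
        if not chunk:
            break
        buf.write(chunk)
    return handler, buf.tell()


def limited_receive(environ, chunk_size=64 * 1024):
    """Hardened variant: the body is read through LimitedStream, so the
    application can never see more than Content-Length bytes, whatever
    the client actually sends on the wire."""
    length = declared_length(environ)
    handler = choose_handler(length)
    stream = LimitedStream(environ["wsgi.input"], length)
    buf = io.BytesIO()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf.write(chunk)
    return handler, buf.tell()


def simulate(receiver, declared, body):
    """Build a minimal WSGI environ around a constructed body and run it
    through the given receiver. Returns (handler chosen, bytes buffered)."""
    environ = {"CONTENT_LENGTH": str(declared), "wsgi.input": io.BytesIO(body)}
    return receiver(environ)


if __name__ == "__main__":
    huge = b"A" * (10 * 1024 * 1024)  # constructed 10 MB "file"
    print(simulate(naive_receive, 16, huge))    # ('memory', 10485760)
    print(simulate(limited_receive, 16, huge))  # ('memory', 16)
```

Two things follow from running it. First, the memory handler is only as safe as the layer that enforces the declared length: if the WSGI server does not stop at Content-Length, the application has to wrap wsgi.input itself before trusting the header for anything. Second, lying in the other direction (declaring a large length and sending little) only pushes the upload onto the temporary-file path, and a quota handler like the one in the regression test, which counts bytes actually received rather than bytes declared, bounds the total regardless of what the header says.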