New submission from Chris AtLee: cgi.FieldStorage uses fp.readline(1 << 16) to read in POSTed file data if no content length has been specified. All HTTP clients I've looked at terminate the file body with CRLF and then the final MIME boundary. If the file body is 65,535 bytes, and doesn't contain \n or \r\n, then fp.readline(1 << 16) will return the original 65,535 bytes of the file plus the \r from the final \r\n sequence before the final boundary string. Since \r isn't considered a line ending, it gets considered as part of the POSTed file data, and you end up with an extra \r at the end of the file data.
---------- components: Library (Lib) files: cgi-test-cpython.patch keywords: patch messages: 190784 nosy: catlee priority: normal severity: normal status: open title: cgi.FieldStorage fails to handle multipart/form-data when \r\n appears at end of 65535 bytes without other newlines type: behavior versions: Python 2.7 Added file: http://bugs.python.org/file30502/cgi-test-cpython.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18167> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
