[Python-checkins] CVS: python/dist/src/Lib cgi.py,1.64,1.65

Guido van Rossum gvanrossum@users.sourceforge.net
Wed, 25 Jul 2001 14:00:21 -0700


Update of /cvsroot/python/python/dist/src/Lib
In directory usw-pr-cvs1:/tmp/cvs-serv20163

Modified Files:
	cgi.py 
Log Message:
Fix a denial-of-service attack, SF bug #443120.

Code by Evan Simpson.


Index: cgi.py
===================================================================
RCS file: /cvsroot/python/python/dist/src/Lib/cgi.py,v
retrieving revision 1.64
retrieving revision 1.65
diff -C2 -d -r1.64 -r1.65
*** cgi.py	2001/06/29 13:06:06	1.64
--- cgi.py	2001/07/25 21:00:19	1.65
***************
*** 244,251 ****
  
      """
      if pdict.has_key('boundary'):
          boundary = pdict['boundary']
!     else:
!         boundary = ""
      nextpart = "--" + boundary
      lastpart = "--" + boundary + "--"
--- 244,254 ----
  
      """
+     boundary = ""
      if pdict.has_key('boundary'):
          boundary = pdict['boundary']
!     if not valid_boundary(boundary):
!         raise ValueError,  ('Invalid boundary in multipart form: %s' 
!                             % `ib`)
!     
      nextpart = "--" + boundary
      lastpart = "--" + boundary + "--"
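Review bot: The new `raise` in parse_multipart formats `` `ib` `` into the message, but no name `ib` is bound in this function (the local is `boundary`), so an invalid boundary surfaces as a NameError rather than the intended ValueError; the message should read `'Invalid boundary in multipart form: %s' % repr(boundary)`. The read_multi hunk below binds `ib` itself and is not affected. The added line after the raise is a `!`-marked line containing only trailing whitespace, which is worth dropping. parse_multipart's signature and docstring begin before this hunk and its body continues after it.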
***************
*** 596,607 ****
      def read_multi(self, environ, keep_blank_values, strict_parsing):
          """Internal: read a part that is itself multipart."""
          self.list = []
          klass = self.FieldStorageClass or self.__class__
!         part = klass(self.fp, {}, self.innerboundary,
                       environ, keep_blank_values, strict_parsing)
          # Throw first part away
          while not part.done:
              headers = rfc822.Message(self.fp)
!             part = klass(self.fp, headers, self.innerboundary,
                           environ, keep_blank_values, strict_parsing)
              self.list.append(part)
--- 599,614 ----
      def read_multi(self, environ, keep_blank_values, strict_parsing):
          """Internal: read a part that is itself multipart."""
+         ib = self.innerboundary
+         if not valid_boundary(ib):
+             raise ValueError, ('Invalid boundary in multipart form: %s' 
+                                % `ib`)
          self.list = []
          klass = self.FieldStorageClass or self.__class__
!         part = klass(self.fp, {}, ib,
                       environ, keep_blank_values, strict_parsing)
          # Throw first part away
          while not part.done:
              headers = rfc822.Message(self.fp)
!             part = klass(self.fp, headers, ib,
                           environ, keep_blank_values, strict_parsing)
              self.list.append(part)
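Review bot: read_multi's docstring still reads only `Internal: read a part that is itself multipart.` although the method now rejects a bad inner boundary before reading anything; add a line such as `Raises ValueError if self.innerboundary fails valid_boundary().` The same check and the same message text now appear both here and in parse_multipart, so a single helper that performs the check and raises (or having valid_boundary itself raise) would keep the two call sites from drifting. read_multi's body continues past the end of this hunk.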
***************
*** 1000,1003 ****
--- 1007,1013 ----
      return s
  
+ def valid_boundary(s, _vb_pattern="^[ -~]{0,200}[!-~]$"):
+     import re
+     return re.match(_vb_pattern, s)
  
  # Invoke mainline
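Review bot: The `$` anchor in `_vb_pattern` also matches immediately before a trailing newline, so `valid_boundary('abc\n')` succeeds even though `\n` lies outside the `[ -~]` class the pattern is meant to enforce; anchoring with `\Z` closes that gap, e.g. `def valid_boundary(s, _vb_pattern=r"^[ -~]{0,200}[!-~]\Z"):`. The function returns a match object rather than a boolean and carries no docstring; a one-line docstring stating that it accepts only strings of 1 to 201 printable ASCII characters whose last character is not a space, and that callers should use the result as a truth value, would make the contract explicit. `re.match` caches compiled patterns, so the string default is adequate here.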