+40
-0
lines changed
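--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -248,6 +248,8 @@ def parse(self):
 remaining = len(stripped_chunk) % 4
 while remaining != 0:
     over_chunk = field_stream.read(4 - remaining)
+    if not over_chunk:
+        break
     stripped_chunk += b"".join(over_chunk.split())
     remaining = len(stripped_chunk) % 4
 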
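Review bot: The new `if not over_chunk: break` carries no comment saying why an empty read must end the loop, and the reason is not obvious from the three visible lines: `field_stream.read()` returning nothing means the stream is exhausted, so the bytes needed to reach a 4-byte boundary can never arrive and the old code re-read zero bytes forever. I would add above the check `# Empty read: the stream is exhausted, so the chunk can never be padded to a 4-byte boundary; stop rather than loop forever.`. After the break `stripped_chunk` is left with a length that is not a multiple of 4 and flows on to whatever decodes it below the hunk; that decoder is outside view and presumably rejects the short chunk, which is worth stating in the same comment so the next reader knows the truncated data is not silently accepted. `parse` starts and ends outside the hunk.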
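--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -15,3 +15,9 @@ posing an XSS attack vector.
 In order to avoid this vulnerability, ``{% debug %}`` no longer outputs an
 information when the ``DEBUG`` setting is ``False``, and it ensures all context
 variables are correctly escaped when the ``DEBUG`` setting is ``True``.
+
+CVE-2022-23833: Denial-of-service possibility in file uploads
+=============================================================
+
+Passing certain inputs to multipart forms could result in an infinite loop when
+parsing files.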
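--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -15,3 +15,9 @@ posing an XSS attack vector.
 In order to avoid this vulnerability, ``{% debug %}`` no longer outputs an
 information when the ``DEBUG`` setting is ``False``, and it ensures all context
 variables are correctly escaped when the ``DEBUG`` setting is ``True``.
+
+CVE-2022-23833: Denial-of-service possibility in file uploads
+=============================================================
+
+Passing certain inputs to multipart forms could result in an infinite loop when
+parsing files.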
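--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -18,6 +18,12 @@ In order to avoid this vulnerability, ``{% debug %}`` no longer outputs an
 information when the ``DEBUG`` setting is ``False``, and it ensures all context
 variables are correctly escaped when the ``DEBUG`` setting is ``True``.
 
+CVE-2022-23833: Denial-of-service possibility in file uploads
+=============================================================
+
+Passing certain inputs to multipart forms could result in an infinite loop when
+parsing files.
+
 Bugfixes
 ========
 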
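--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -139,6 +139,26 @@ def test_big_base64_upload(self):
 def test_big_base64_newlines_upload(self):
     self._test_base64_upload("Big data" * 68000, encode=base64.encodebytes)
 
+def test_base64_invalid_upload(self):
+    payload = client.FakePayload('\r\n'.join([
+        '--' + client.BOUNDARY,
+        'Content-Disposition: form-data; name="file"; filename="test.txt"',
+        'Content-Type: application/octet-stream',
+        'Content-Transfer-Encoding: base64',
+        ''
+    ]))
+    payload.write(b'\r\n!\r\n')
+    payload.write('--' + client.BOUNDARY + '--\r\n')
+    r = {
+        'CONTENT_LENGTH': len(payload),
+        'CONTENT_TYPE': client.MULTIPART_CONTENT,
+        'PATH_INFO': '/echo_content/',
+        'REQUEST_METHOD': 'POST',
+        'wsgi.input': payload,
+    }
+    response = self.client.request(**r)
+    self.assertEqual(response.json()['file'], '')
+
 def test_unicode_file_name(self):
     with sys_tempfile.TemporaryDirectory() as temp_dir:
         # This file contains Chinese symbols and an accented char in the name.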
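Review bot: `test_base64_invalid_upload` has no docstring, so the reason the part body is a lone `!` (not valid base64 and only one byte, so the chunk can never reach a 4-byte boundary before the closing boundary) is invisible to a reader; a one-line docstring such as `"""A base64 chunk that cannot be padded to 4 bytes must not hang the parser (CVE-2022-23833)."""` ties the case to the release note in this commit. The assertion `self.assertEqual(response.json()['file'], '')` pins that the request completes with an empty file value, but not how the undecodable chunk is reported; if the parser is expected to reject the data rather than quietly drop it, that is worth asserting, or at least stating in the docstring. The request environ is built by hand here rather than through `_test_base64_upload` as the neighbouring tests do — presumably because that helper (outside view) base64-encodes its input and so cannot produce a malformed chunk; a short comment saying so would stop the next reader from "simplifying" it back.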