From b79b5c09493e98374e48fa122d82dab528fc6e72 Mon Sep 17 00:00:00 2001 From: matthewbelisle-wf Date: Tue, 23 Oct 2018 03:14:35 -0500 Subject: bpo-35028: cgi: Fix max_num_fields off by one error (GH-9973) https://bugs.python.org/issue35028 --- Lib/cgi.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'Lib/cgi.py') diff --git a/Lib/cgi.py b/Lib/cgi.py index adf4dcba19..b96bd1f0fe 100755 --- a/Lib/cgi.py +++ b/Lib/cgi.py @@ -618,6 +618,11 @@ class FieldStorage: first_line = self.fp.readline() self.bytes_read += len(first_line) + # Propagate max_num_fields into the sub class appropriately + max_num_fields = self.max_num_fields + if max_num_fields is not None: + max_num_fields -= len(self.list) + while True: parser = FeedParser() hdr_text = b"" @@ -637,23 +642,19 @@ class FieldStorage: if 'content-length' in headers: del headers['content-length'] - # Propagate max_num_fields into the sub class appropriately - sub_max_num_fields = self.max_num_fields - if sub_max_num_fields is not None: - sub_max_num_fields -= len(self.list) - part = klass(self.fp, headers, ib, environ, keep_blank_values, strict_parsing,self.limit-self.bytes_read, - self.encoding, self.errors, sub_max_num_fields) + self.encoding, self.errors, max_num_fields) - max_num_fields = self.max_num_fields - if max_num_fields is not None and part.list: - max_num_fields -= len(part.list) + if max_num_fields is not None: + max_num_fields -= 1 + if part.list: + max_num_fields -= len(part.list) + if max_num_fields < 0: + raise ValueError('Max number of fields exceeded') self.bytes_read += part.bytes_read self.list.append(part) - if max_num_fields is not None and max_num_fields < len(self.list): - raise ValueError('Max number of fields exceeded') if part.done or self.bytes_read >= self.length > 0: break self.skip_lines() -- cgit v1.2.1