From 3736a53be0e42817d1bb2c6b2d0ec4fa8241b41d Mon Sep 17 00:00:00 2001
From: John Stark
Date: Tue, 23 Apr 2024 13:11:53 +0200
Subject: [PATCH] Handle invalid CRLF in header name. fixes #122
---
 multipart/multipart.py | 2 +-
 tests/test_data/http/CRLF_in_header.http | 6 ++++++
 tests/test_data/http/CRLF_in_header.yaml | 3 +++
 tests/test_data/http/CR_in_header.yaml | 2 +-
 4 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 tests/test_data/http/CRLF_in_header.http
 create mode 100644 tests/test_data/http/CRLF_in_header.yaml
diff --git a/multipart/multipart.py b/multipart/multipart.py
index 1ad5011..e1ecd21 100644
--- a/multipart/multipart.py
+++ b/multipart/multipart.py
@@ -1167,7 +1167,7 @@ def data_callback(name: str, remaining: bool = False) -> None:
 # If we've reached a CR at the beginning of a header, it means
 # that we've reached the second of 2 newlines, and so there are
 # no more headers to parse.
- if c == CR:
+ if c == CR and index == 0:
 delete_mark("header_field")
 state = MultipartState.HEADERS_ALMOST_DONE
 i += 1
diff --git a/tests/test_data/http/CRLF_in_header.http b/tests/test_data/http/CRLF_in_header.http
new file mode 100644
index 0000000..41e9e0b
--- /dev/null
+++ b/tests/test_data/http/CRLF_in_header.http
@@ -0,0 +1,6 @@
+------WebKitFormBoundaryTkr3kCBQlBe1nrhc
+Content-
+isposition: form-data; name="field"
+
+This is a test.
+------WebKitFormBoundaryTkr3kCBQlBe1nrhc--
\ No newline at end of file
diff --git a/tests/test_data/http/CRLF_in_header.yaml b/tests/test_data/http/CRLF_in_header.yaml
new file mode 100644
index 0000000..9d5f62a
--- /dev/null
+++ b/tests/test_data/http/CRLF_in_header.yaml
@@ -0,0 +1,3 @@
+boundary: ----WebKitFormBoundaryTkr3kCBQlBe1nrhc
+expected:
+ error: 50
diff --git a/tests/test_data/http/CR_in_header.yaml b/tests/test_data/http/CR_in_header.yaml
index c9b55f2..9d5f62a 100644
--- a/tests/test_data/http/CR_in_header.yaml
+++ b/tests/test_data/http/CR_in_header.yaml
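Review bot: The comment above `if c == CR and index == 0:` in multipart/multipart.py still describes only a CR at the beginning of a header, so the reason for the new `index == 0` guard is not recorded next to the check. A line such as `# A CR after the first byte of a field name is not an end-of-headers marker; fall through so it is rejected as an invalid header byte.` would make the intent explicit for the next maintainer. The branch that actually rejects the byte starts outside this hunk, so that wording assumes the fall-through path is what raises the error the new fixtures expect. A fixture with a bare LF inside the field name would round out the CR and CRLF cases, since lenient line-ending handling in header names is a typical source of parsing disagreement between an upstream filter and the application.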
@@ -1,3 +1,3 @@
 boundary: ----WebKitFormBoundaryTkr3kCBQlBe1nrhc
 expected:
- error: 51
+ error: 50