Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 209144831b0a19715bda3bd72b14a3e6192d9cc1^! / . / Lib / urllib / parse.py
commit209144831b0a19715bda3bd72b14a3e6192d9cc1[log] [tgz]
authormatthewbelisle-wf <matthew.belisle@workiva.com>Fri Oct 19 05:52:59 2018 -0500
committerMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>Fri Oct 19 03:52:59 2018 -0700
tree872e8d5460807aaf6f02b72a0c3b8f4202739ba2
parentf081fd83032be48aefdb1bbcc38ab5deb03785d5 [diff] [blame]
bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)



Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by
limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
index f21b8eb..dc21711 100644
--- a/Lib/urllib/parse.py
+++ b/Lib/urllib/parse.py

@@ -628,7 +628,7 @@
 
 
 def parse_qs(qs, keep_blank_values=False, strict_parsing=False,
-             encoding='utf-8', errors='replace'):
+             encoding='utf-8', errors='replace', max_num_fields=None):
     """Parse a query given as a string argument.
 
         Arguments:
@@ -649,11 +649,15 @@
         encoding and errors: specify how to decode percent-encoded sequences
             into Unicode characters, as accepted by the bytes.decode() method.
 
+        max_num_fields: int. If set, then throws a ValueError if there
+            are more than n fields read by parse_qsl().
+
         Returns a dictionary.
     """
     parsed_result = {}
     pairs = parse_qsl(qs, keep_blank_values, strict_parsing,
-                      encoding=encoding, errors=errors)
+                      encoding=encoding, errors=errors,
+                      max_num_fields=max_num_fields)
     for name, value in pairs:
         if name in parsed_result:
             parsed_result[name].append(value)
@@ -663,7 +667,7 @@
 
 
 def parse_qsl(qs, keep_blank_values=False, strict_parsing=False,
-              encoding='utf-8', errors='replace'):
+              encoding='utf-8', errors='replace', max_num_fields=None):
     """Parse a query given as a string argument.
 
         Arguments:
@@ -683,9 +687,21 @@
         encoding and errors: specify how to decode percent-encoded sequences
             into Unicode characters, as accepted by the bytes.decode() method.
 
+        max_num_fields: int. If set, then throws a ValueError
+            if there are more than n fields read by parse_qsl().
+
         Returns a list, as G-d intended.
     """
     qs, _coerce_result = _coerce_args(qs)
+
+    # If max_num_fields is defined then check that the number of fields
+    # is less than max_num_fields. This prevents a memory exhaustion DOS
+    # attack via post bodies with many fields.
+    if max_num_fields is not None:
+        num_fields = 1 + qs.count('&') + qs.count(';')
+        if max_num_fields < num_fields:
+            raise ValueError('Max number of fields exceeded')
+
     pairs = [s2 for s1 in qs.split('&') for s2 in s1.split(';')]
     r = []
     for name_value in pairs: