Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#16201 closed Bug (fixed)

When Content-Length is 0, MultiPartParser violates RFC2616

Reported by: asd Owned by: nobody
Component: HTTP handling Version: 1.3-rc
Severity: Normal Keywords: http multipart
Cc: Anand Kumria Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

RFC 2616 says that: "Any Content-Length greater than or equal to zero is a valid value." http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13

Currently MultiPartParser doesn't handle "Content-Length: 0".

The patch I've attached returns an empty request.POST in MultiPartParser.parser() if the "Content-Length: 0" instead of raising an exception on
MultiPartParser.__init__() .

I've also added the tests for this particular case in requests/tests.
( ./runtests.py --settings=test_sqlite requests.RequestsTests.test_POST_multipart_with_content_length_zero )

Attachments (1)

multipartparser_content_length_0.diff (2.5 KB) - added by asd 5 years ago.
patch for multipartparser bug

Download all attachments as: .zip

Change History (5)

Changed 5 years ago by asd

patch for multipartparser bug

comment:1 Changed 5 years ago by Anand Kumria

Cc: Anand Kumria added
Needs documentation: set
Needs tests: unset
Patch needs improvement: unset
Summary: MultiPartParser doesn't handle RFC2616 conform HTTP POST with Content-Length == 0When Content-Length is 0, MultiPartParser violates RFC2616
Triage Stage: UnreviewedAccepted

I think the patch is fine, but it probably needs something mentioned in the release notes since we are changing a low-level content-length handling thing.

comment:2 Changed 5 years ago by Russell Keith-Magee

Needs documentation: unset
Triage Stage: AcceptedReady for checkin

The change being proposed here makes Django's HTTP implementation RFC compliant -- content-length == 0 is explicitly given as an allowed length. The fact that we have historically rejected content-length == 0 is a bug, not something that needs to be document.

comment:3 Changed 5 years ago by Russell Keith-Magee

Resolution: fixed
Status: newclosed

In [16353]:

Fixed #16201 -- Ensure that requests with Content-Length=0 don't break the multipart parser. Thanks to albsen for the report and patch

comment:4 Changed 5 years ago by Russell Keith-Magee

In [16676]:

[1.3.X] Fixed #16201 -- Ensure that requests with Content-Length=0 don't break the multipart parser. Thanks to albsen for the report and patch

Backport of r16353 from trunk.

Note: See TracTickets for help on using tickets.
Back to Top