Code

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#16201 closed Bug (fixed)

When Content-Length is 0, MultiPartParser violates RFC2616

Reported by: albsen Owned by: nobody
Component: HTTP handling Version: 1.3-rc
Severity: Normal Keywords: http multipart
Cc: wildfire Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

RFC 2616 says that: "Any Content-Length greater than or equal to zero is a valid value." http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13

Currently MultiPartParser doesn't handle "Content-Length: 0".

The patch I've attached returns an empty request.POST in MultiPartParser.parser() if the "Content-Length: 0" instead of raising an exception on
MultiPartParser.__init__() .

I've also added the tests for this particular case in requests/tests.
( ./runtests.py --settings=test_sqlite requests.RequestsTests.test_POST_multipart_with_content_length_zero )

Attachments (1)

multipartparser_content_length_0.diff (2.5 KB) - added by albsen 3 years ago.
patch for multipartparser bug

Download all attachments as: .zip

Change History (5)

Changed 3 years ago by albsen

patch for multipartparser bug

comment:1 Changed 3 years ago by wildfire

  • Cc wildfire added
  • Needs documentation set
  • Needs tests unset
  • Patch needs improvement unset
  • Summary changed from MultiPartParser doesn't handle RFC2616 conform HTTP POST with Content-Length == 0 to When Content-Length is 0, MultiPartParser violates RFC2616
  • Triage Stage changed from Unreviewed to Accepted

I think the patch is fine, but it probably needs something mentioned in the release notes since we are changing a low-level content-length handling thing.

comment:2 Changed 3 years ago by russellm

  • Needs documentation unset
  • Triage Stage changed from Accepted to Ready for checkin

The change being proposed here makes Django's HTTP implementation RFC compliant -- content-length == 0 is explicitly given as an allowed length. The fact that we have historically rejected content-length == 0 is a bug, not something that needs to be document.

comment:3 Changed 3 years ago by russellm

  • Resolution set to fixed
  • Status changed from new to closed

In [16353]:

Fixed #16201 -- Ensure that requests with Content-Length=0 don't break the multipart parser. Thanks to albsen for the report and patch

comment:4 Changed 3 years ago by russellm

In [16676]:

[1.3.X] Fixed #16201 -- Ensure that requests with Content-Length=0 don't break the multipart parser. Thanks to albsen for the report and patch

Backport of r16353 from trunk.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.