id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33062	File upload crash when a file extension contains null characters.	Alex Vandiver	Hrushikesh Vaidya	"A >2.5M file uploaded with a raw null byte anyplace after the `.` in its filename means that Django attempts to create a tempfile with that same ""extension,"" which errors out with `ValueError: embedded null byte`.

It's almost certainly a violation of RFC to have a filename with a raw null byte in it, but it shouldn't result in a 500 when parsing the form.

Here's code to generate a bad request:
{{{
#!/usr/bin/env python3
import io

import requests

contents = io.StringIO(""."" * (1024 * 1024 * 3))

files = {""docfile"": (b""bogus.txt!"", contents, ""text/plain"")}

req = requests.Request(""POST"", ""http://localhost:8000/"", files=files, data={})
prepared = req.prepare()

body = prepared.body
assert isinstance(body, bytes)
prepared.body = body.replace(b""!"", b""\x00"")

requests.Session().send(prepared)
}}}

...which produces an error with the view:
{{{
from django import forms
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt


class UploadFileForm(forms.Form):
    docfile = forms.FileField()


@csrf_exempt
def index(request):
    if request.method == 'POST':
        form = UploadFileForm(request.POST, request.FILES)
        if form.is_valid():
            print(repr(request.FILES['docfile']))
            return HttpResponseRedirect('/')
        else:
            print(""Not valid!"")
            return HttpResponseRedirect('/')
    else:
        form = UploadFileForm()
    return render(request, 'uploads/index.html', {'form': form})
}}}

-----

I'm not sure what the goal is of preserving the ""extension"" of the uploaded file in the tempfile that is made; if that's important enough a behaviour to keep, some amount of escaping on the parsed-out extension may be necessary.
"	Bug	closed	File uploads/storage	3.2	Normal	fixed		Florian Apolloner	Ready for checkin	1	0	0	0	1	0
