[3.2.x] Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.

Thanks Alan Ryan for the report and initial patch. Backport of fc18f36c4ab94399366ca2f2007b3692559a6f23 from main.
author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-01-21 07:50:03 +0100
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-02-01 07:54:17 +0100
commit: d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (patch)
tree: c2ac52bb398b8f63d617155103ddd19413d2ec18 /django/http/multipartparser.py
parent: 1a1e8278c46418bde24c86a65443b0674bae65e2 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
index f464caa1b4..35a54f4ca1 100644
--- a/django/http/multipartparser.py
+++ b/django/http/multipartparser.py
@@ -248,6 +248,8 @@ class MultiPartParser:
                                 remaining = len(stripped_chunk) % 4
                                 while remaining != 0:
                                     over_chunk = field_stream.read(4 - remaining)
+                                    if not over_chunk:
+                                        break
                                     stripped_chunk += b"".join(over_chunk.split())
                                     remaining = len(stripped_chunk) % 4
author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-01-21 07:50:03 +0100
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-02-01 07:54:17 +0100
commit	d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (patch)
tree	c2ac52bb398b8f63d617155103ddd19413d2ec18 /django/http/multipartparser.py
parent	1a1e8278c46418bde24c86a65443b0674bae65e2 (diff)