diff options
| author | Jason Hobbs <jason.hobbs@gmail.com> | 2014-09-02 12:23:51 -0500 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2014-09-13 19:06:21 +0200 |
| commit | e1424b237003723c12400b5e1cfd95c87650e62b (patch) | |
| tree | 3c8b567859101f7a3d08b795db2c1dbcf244c9de /django/http/multipartparser.py | |
| parent | 22bfc451467ec6e13044a87a97cf00e9f8a845e4 (diff) | |
Fixed #23397 -- Stripped whitespace from base64 during chunking
This insures the actual base64 content has a length a multiple of 4.
Also added a test case for the failure.
Diffstat (limited to 'django/http/multipartparser.py')
| -rw-r--r-- | django/http/multipartparser.py | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py index fd9f3a5b32..07c874e08f 100644 --- a/django/http/multipartparser.py +++ b/django/http/multipartparser.py @@ -206,14 +206,19 @@ class MultiPartParser(object): for chunk in field_stream: if transfer_encoding == 'base64': # We only special-case base64 transfer encoding - # We should always read base64 streams by multiple of 4 - over_bytes = len(chunk) % 4 - if over_bytes: - over_chunk = field_stream.read(4 - over_bytes) - chunk += over_chunk + # We should always decode base64 chunks by multiple of 4, + # ignoring whitespace. + + stripped_chunk = b"".join(chunk.split()) + + remaining = len(stripped_chunk) % 4 + while remaining != 0: + over_chunk = field_stream.read(4 - remaining) + stripped_chunk += b"".join(over_chunk.split()) + remaining = len(stripped_chunk) % 4 try: - chunk = base64.b64decode(chunk) + chunk = base64.b64decode(stripped_chunk) except Exception as e: # Since this is only a chunk, any error is an unfixable error. msg = "Could not decode base64 data: %r" % e |