File CVE-2023-46136-slow-multipart-parsing.patch of Package python-Werkzeug
From b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Srokosz?= <pawel.srokosz@cert.pl> Date: Thu, 12 Oct 2023 18:50:04 +0200 Subject: [PATCH] Fix: slow multipart parsing for huge files with few CR/LF characters --- src/werkzeug/sansio/multipart.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) Index: Werkzeug-2.3.6/src/werkzeug/sansio/multipart.py =================================================================== --- Werkzeug-2.3.6.orig/src/werkzeug/sansio/multipart.py +++ Werkzeug-2.3.6/src/werkzeug/sansio/multipart.py @@ -251,12 +251,20 @@ class MultipartDecoder: else: data_start = 0 - if self.buffer.find(b"--" + self.boundary) == -1: + boundary = b"--" + self.boundary + + if self.buffer.find(boundary) == -1: # No complete boundary in the buffer, but there may be # a partial boundary at the end. As the boundary # starts with either a nl or cr find the earliest and # return up to that as data. data_end = del_index = self.last_newline(data[data_start:]) + # If amount of data after last newline is far from + # possible length of partial boundary, we should + # assume that there is no partial boundary in the buffer + # and return all pending data. + if (len(data) - data_end) > len(b"\n" + boundary): + data_end = del_index = len(data) more_data = True else: match = self.boundary_re.search(data)
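Review bot: The new check `if (len(data) - data_end) > len(b"\n" + boundary):` compares offsets from two different bases. `data_end` is taken from `self.last_newline(data[data_start:])`, so it is computed on the slice that starts at `data_start`, while `len(data)` is the length of the whole buffer. The preceding `else: data_start = 0` shows that `data_start` can be nonzero on the other path. If `last_newline` returns a slice-relative index, the subtraction overstates the trailing length by `data_start` in that case, and the partial-boundary guard can be skipped when a partial boundary is in fact present. Consider adding `data_start` to the result of `last_newline` before the comparison, or measuring against `len(data[data_start:])`. Separately, the diffstat lists only `multipart.py`. A regression test that feeds a large part containing no CR/LF bytes in chunks, plus one where a chunk ends in a partial boundary, would pin down both the performance fix and the edge case.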