[P5P] [perl #37607] CGI file upload file name parsing errors

Aspa @ merlot . kronodoc . fi
Nov 4, 2005 at 11:41 am
# New Ticket Created by aspa@merlot.kronodoc.fi
# Please include the string: [perl #37607]
# in the subject line of all future correspondence about this issue.
# <URL: https://rt.perl.org/rt3/Ticket/Display.html?id=37607 >



This is a bug report for perl from aspa@merlot.kronodoc.fi,
generated with the help of perlbug 1.35 running under perl v5.8.7.


-----------------------------------------------------------------
[Please enter your report here]

I'm using the CGI module to parse HTTP POST file upload requests.
I noticed that if the file name is quoted and contains a semicolon CGI fails
to parse the name correctly. For example using 'foo;bar.txt' as the file name
would result in the following Content-Disposition line in the HTTP request:

Content-Disposition: form-data; name="filename1"; filename="foo;bar.txt"

which would cause CGI to fail the file name parsing.

According to RFC 1867, 2183 and 2045 the file name field value can contain
semicolons when the name is quoted.

A related issue is that when the file name parsing fails the file content
is loaded into the parsed CGI object i.e. in main memory.


I would propose the following patch to the CGI module to fix these issues:

3258c3258,3260
< my($filename) = $header{'Content-Disposition'}=~/ filename="([^;]*)"/;
---
# RFC 1867, 2183, 2045
my ($filename) = $header{'Content-Disposition'}=~/ filename=(("[^"]*")|(
[a-z\d!#'\*\+,\.^_\`\{\}\|\~]*))/i;
$filename =~ s/^"([^"]*)"$/$1/;
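
Review bot: In the unquoted alternative of the new pattern, the character class leaves out `-`, `$`, `%` and `&`, which RFC 2045 allows in a token, and includes `,`, which RFC 2045 lists as a tspecial, so an unquoted `filename=my-report.txt` is cut to `my`. Suggest a negated class of the tspecials and whitespace instead, quantified with `+` rather than `*` so that a bare `filename=` does not count as a successful match. The quoted alternative `"[^"]*"` also stops at a backslash-escaped quote, and the pattern as posted is wrapped across two lines; without /x that newline becomes part of the regex, so the line needs rejoining before the patch is applied.
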
3262a3265,3269
# prevent file content from being loaded into memory should
# content-disposition parsing fail.
if($header{'Content-Disposition'}=~/ filename=/ && !$filename) {
$filename = "noname.bin";
}
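
Review bot: The `!$filename` test in the new `if` is a truthiness check, so an upload legitimately named `0` is renamed to noname.bin, and a part sent with `filename=""` now gets the placeholder name as well. Test for a failed parse explicitly, for example with `defined` and `length`, and decide separately whether an empty name should take the file-upload path. A comment noting that the fixed fallback name is never derived from the request would also help the next reader.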


--
aspa


[Please do not change anything below this line]
-----------------------------------------------------------------
---
Flags:
category=library
severity=medium
---
Site configuration information for perl v5.8.7:

Configured by aspa at Fri Nov 4 10:58:39 EET 2005.

Summary of my perl5 (revision 5 version 8 subversion 7) configuration:
Platform:
osname=linux, osvers=2.4.21-32.elsmp, archname=i686-linux
uname='linux merlot.kronodoc.fi 2.4.21-32.elsmp #1 smp fri apr 15 21:17:59 edt 2005 i686 i686 i386 gnulinux '
config_args='-de -Dprefix=/home/aspa/tmp/perl-5.8.7'
hint=recommended, useposix=true, d_sigaction=define
usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef
useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
use64bitint=undef use64bitall=undef uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include/gdbm',
optimize='-O2',
cppflags='-fno-strict-aliasing -pipe -I/usr/local/include -I/usr/include/gdbm'
ccversion='', gccversion='3.2.3 20030502 (Red Hat Linux 3.2.3-53)', gccosandvers=''
intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=4, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -L/usr/local/lib'
libpth=/usr/local/lib /lib /usr/lib
libs=-lnsl -lgdbm -ldb -ldl -lm -lcrypt -lutil -lc
perllibs=-lnsl -ldl -lm -lcrypt -lutil -lc
libc=/lib/libc-2.3.2.so, so=so, useshrplib=false, libperl=libperl.a
gnulibc_version='2.3.2'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib'

Locally applied patches:


---
@INC for perl v5.8.7:
/home/aspa/tmp/perl-5.8.7/lib/5.8.7/i686-linux
/home/aspa/tmp/perl-5.8.7/lib/5.8.7
/home/aspa/tmp/perl-5.8.7/lib/site_perl/5.8.7/i686-linux
/home/aspa/tmp/perl-5.8.7/lib/site_perl/5.8.7
/home/aspa/tmp/perl-5.8.7/lib/site_perl
.

---
Environment for perl v5.8.7:
HOME=/home/aspa
LANG=en_US.iso885915
LANGUAGE (unset)
LANGVAR=en_US.iso885915
LD_LIBRARY_PATH (unset)
LOGDIR (unset)
PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin
PERL_BADLANG (unset)
SHELL=/bin/tcsh
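
The parsing failure described in the report, reproduced as an added example (not part of the original post and not CGI.pm code): it runs the pre-patch pattern beside a hypothetical left-to-right parameter parser, `parse_disposition`, on constructed header values. It assumes RFC 822 quoted-pair escaping inside quoted strings, and it keeps "no filename parameter", "empty or `0` name" and "malformed value" apart so a caller can choose the temp-file path on purpose.

```perl
use strict;
use warnings;

# Pre-patch pattern, copied from the "<" line of the diff in the report.
sub old_filename {
    my ($cd) = @_;
    my ($filename) = $cd =~ / filename="([^;]*)"/;
    return $filename;                            # undef when the match fails
}

# Hypothetical helper (not CGI.pm code): walk the parameters left to right so
# a ";" inside a quoted-string never ends a parameter. Returns a hashref of
# parameters, or undef when the header value is malformed.
my $TOKEN = qr/[^\s()<>\@,;:\\"\/\[\]?=]/;       # excludes RFC 2045 tspecials
sub parse_disposition {
    my ($cd) = @_;
    my %param;
    $cd =~ /^\s*$TOKEN+/gc or return;            # disposition type (form-data)
    while ($cd =~ /\G\s*;\s*($TOKEN+)=/gc) {
        my $key = lc $1;
        if ($cd =~ /\G"((?:[^"\\]|\\.)*)"/gc) {  # quoted-string
            (my $value = $1) =~ s/\\(.)/$1/g;    # undo quoted-pairs (assumed)
            $param{$key} = $value;
        } elsif ($cd =~ /\G($TOKEN+)/gc) {       # bare token
            $param{$key} = $1;
        } else {
            return;                              # value is malformed
        }
    }
    return $cd =~ /\G\s*$/gc ? \%param : undef;  # reject trailing junk
}

# Constructed sample header values; the first is the one from the report.
for my $cd (
    'form-data; name="filename1"; filename="foo;bar.txt"',
    'form-data; name="f"; filename=""',
    'form-data; name="f"; filename="0"',
    'form-data; name="f"; filename="unterminated',
) {
    my $old = old_filename($cd);
    my $p   = parse_disposition($cd);
    my $new = !$p                    ? 'MALFORMED'
            : !exists $p->{filename} ? 'no filename parameter'
            :                          "[$p->{filename}]";
    printf "%-52s old=%-15s new=%s\n", $cd,
        defined $old ? "[$old]" : 'undef', $new;
}
```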