From 2d7cacacc310b65b43e7e2de89e7722291dea6a4 Mon Sep 17 00:00:00 2001
From: Pierre Quentel <pierre.quentel@gmail.com>
Date: Wed, 11 Sep 2019 13:05:53 +0200
Subject: [PATCH] =?utf8?q?bpo-20504=20:=20in=20cgi.py,=20fix=20bug=20when?=
 =?utf8?q?=20a=20multipart/form-data=20request=20has=E2=80=A6=20(#10638)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

* bpo-20504 : in cgi.py, fix bug when a multipart/form-data request has no content-length header

* Add Misc/NEWS.d/next file.

* Add rst formatting for NEWS.d/next file

* Reaplce assert by self.assertEqual
---
 Lib/cgi.py                                      |  8 +++++---
 Lib/test/test_cgi.py                            | 17 +++++++++++++++++
 .../2018-11-21-18-05-50.bpo-20504.kG0ub5.rst    |  2 ++
 3 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst

diff --git a/Lib/cgi.py b/Lib/cgi.py
index b96bd1f0fe..c22c71b387 100755
--- a/Lib/cgi.py
+++ b/Lib/cgi.py
@@ -461,7 +461,7 @@ class FieldStorage:
             if maxlen and clen > maxlen:
                 raise ValueError('Maximum content length exceeded')
         self.length = clen
-        if self.limit is None and clen:
+        if self.limit is None and clen >= 0:
             self.limit = clen
 
         self.list = self.file = None
@@ -642,8 +642,10 @@ class FieldStorage:
             if 'content-length' in headers:
                 del headers['content-length']
 
+            limit = None if self.limit is None \
+                else self.limit - self.bytes_read
             part = klass(self.fp, headers, ib, environ, keep_blank_values,
-                         strict_parsing,self.limit-self.bytes_read,
+                         strict_parsing, limit,
                          self.encoding, self.errors, max_num_fields)
 
             if max_num_fields is not None:
@@ -734,7 +736,7 @@ class FieldStorage:
         last_line_lfend = True
         _read = 0
         while 1:
-            if _read >= self.limit:
+            if self.limit is not None and _read >= self.limit:
                 break
             line = self.fp.readline(1<<16) # bytes
             self.bytes_read += len(line)
diff --git a/Lib/test/test_cgi.py b/Lib/test/test_cgi.py
index 0922555982..ab8677199f 100644
--- a/Lib/test/test_cgi.py
+++ b/Lib/test/test_cgi.py
@@ -352,6 +352,23 @@ Larry
         self.assertEqual(fs.list[0].name, 'submit-name')
         self.assertEqual(fs.list[0].value, 'Larry')
 
+    def test_field_storage_multipart_no_content_length(self):
+        fp = BytesIO(b"""--MyBoundary
+Content-Disposition: form-data; name="my-arg"; filename="foo"
+
+Test
+
+--MyBoundary--
+""")
+        env = {
+            "REQUEST_METHOD": "POST",
+            "CONTENT_TYPE": "multipart/form-data; boundary=MyBoundary",
+            "wsgi.input": fp,
+        }
+        fields = cgi.FieldStorage(fp, environ=env)
+
+        self.assertEqual(len(fields["my-arg"].file.read()), 5)
+
     def test_fieldstorage_as_context_manager(self):
         fp = BytesIO(b'x' * 10)
         env = {'REQUEST_METHOD': 'PUT'}
diff --git a/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst b/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst
new file mode 100644
index 0000000000..726329ad0d
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2018-11-21-18-05-50.bpo-20504.kG0ub5.rst
@@ -0,0 +1,2 @@
+Fixes a bug in :mod:`cgi` module when a multipart/form-data request has no
+`Content-Length` header.
-- 
2.40.0