authorMarkus Holtermann <info@markusholtermann.eu>2022-12-13 10:27:39 +0100
committerCarlton Gibson <carlton.gibson@noumenal.es>2023-02-14 08:18:40 +0100
commit85ac33591c393f1480d4f23b4daff40119cb6410 (patch)
tree8f3b94059487d9587fc42f0fdc79fc123259b3f9 /django/http/request.py
parent1eb94bc8dab46dfa117d21ef4f3b52aebb593615 (diff)
Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.
Thanks to Jakob Ackermann for the report.
Diffstat (limited to 'django/http/request.py')
-rw-r--r--django/http/request.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/django/http/request.py b/django/http/request.py
index d451147bc1..2ef9dfd649 100644
--- a/django/http/request.py
+++ b/django/http/request.py
@@ -13,7 +13,11 @@ from django.core.exceptions import (
TooManyFieldsSent,
)
from django.core.files import uploadhandler
-from django.http.multipartparser import MultiPartParser, MultiPartParserError
+from django.http.multipartparser import (
+ MultiPartParser,
+ MultiPartParserError,
+ TooManyFilesSent,
+)
from django.utils.datastructures import (
CaseInsensitiveMapping,
ImmutableList,
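Review bot: `TooManyFilesSent` is imported from `django.http.multipartparser` in this hunk, while its sibling `TooManyFieldsSent` just above comes from `django.core.exceptions`. The defining module is not visible in this file's diff, but if the new exception lives alongside the other limit exceptions and is only re-exported by the parser module, adding `TooManyFilesSent,` to the existing `from django.core.exceptions import (` block would keep the two limit exceptions together. It would also avoid depending on a re-export that a later cleanup of the parser's imports could drop.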
@@ -382,7 +386,7 @@ class HttpRequest:
data = self
try:
self._post, self._files = self.parse_file_upload(self.META, data)
- except MultiPartParserError:
+ except (MultiPartParserError, TooManyFilesSent):
# An error occurred while parsing POST data. Since when
# formatting the error the request handler might access
# self.POST, set self._post and self._file to prevent
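Review bot: The comment under the widened `except (MultiPartParserError, TooManyFilesSent):` still describes only a parse failure, so it does not explain why a limit violation is handled the same way. Something like `# A parse error occurred or the upload file-count limit was exceeded.` as the first comment line would record that a rejected request must also leave `self._post` and `self._files` set, so that later access to `self.POST` does not parse the body again. The handler body continues outside this hunk, so whether it re-raises after marking the request is not visible here. `TooManyFieldsSent` is imported in this file but is not in the tuple; it is worth confirming that this asymmetry is intended.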