tags:

views:

49

answers:

1
Q: 

What are the ramifications of null bytes and multipart/form-data?

A third party is sending us a flat file that is supposed to contain exclusively printable ASCII characters. However, we've discovered that there's a string of about 50 0x00 bytes in the middle of the file.

We want to be able to upload the file to our web application, but I've discovered that Django doesn't seem to like the null characters in the multipart/form-data. If I remove the null characters, the upload succeeds. (Sorry I don't have the stack trace available at the moment, but will produce one if necessary)

We can pre-process the file to remove the null characters and/or work with our third party to fix their file generator, but I don't like to leave mystical problems like this.

Does this sound like a bug in Django or is there some aspect of multipart/form-data that I don't fully understand? Do I need to set a transfer encoding of some sort so Django doesn't get hung up on the null characters?

A: 

Nope, no transfer-encoding is needed (or ever used by browsers) on form-data. It's perfectly valid to include a run of 50 null bytes in a multipart/form-data value... indeed given that most binary files contain a lot of nulls that situation should arise as often as not with file uploads!

Which makes me question whether it's really a Django bug, or whether there's not something else going on. Let's have that stacktrace!

bobince  2009-12-17 17:41:55
Not true. There is a "Content-Transfer-Encoding" header available, ie: "Content-Transfer-Encoding: binary". Or use "Content-Type: application/octet-stream" to send arbitrary data without interpretation.
Remy Lebeau - TeamB  2009-12-18 20:25:10
`Content-Transfer-Encoding` is not allowed in HTTP, see RFC2616 19.4.5. The encoding is always `binary` or an effective synonym.
bobince  2009-12-19 03:16:15

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.