From b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Srokosz?= <pawel.srokosz@cert.pl>
Date: Thu, 12 Oct 2023 18:50:04 +0200
Subject: [PATCH 1/2] Fix: slow multipart parsing for huge files with few CR/LF
 characters

---
 src/werkzeug/sansio/multipart.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/werkzeug/sansio/multipart.py b/src/werkzeug/sansio/multipart.py
index 380993af7..fc8735378 100644
--- a/src/werkzeug/sansio/multipart.py
+++ b/src/werkzeug/sansio/multipart.py
@@ -251,12 +251,20 @@ def _parse_data(self, data: bytes, *, start: bool) -> tuple[bytes, int, bool]:
         else:
             data_start = 0
 
-        if self.buffer.find(b"--" + self.boundary) == -1:
+        boundary = b"--" + self.boundary
+
+        if self.buffer.find(boundary) == -1:
             # No complete boundary in the buffer, but there may be
             # a partial boundary at the end. As the boundary
             # starts with either a nl or cr find the earliest and
             # return up to that as data.
             data_end = del_index = self.last_newline(data[data_start:]) + data_start
+            # If amount of data after last newline is far from
+            # possible length of partial boundary, we should
+            # assume that there is no partial boundary in the buffer
+            # and return all pending data.
+            if (len(data) - data_end) > len(b"\n" + boundary):
+                data_end = del_index = len(data)
             more_data = True
         else:
             match = self.boundary_re.search(data)

From 48a6560a639d1ed56df9bfb8c0e0daae352f8706 Mon Sep 17 00:00:00 2001
From: pgjones <philip.graham.jones@googlemail.com>
Date: Tue, 24 Oct 2023 21:47:00 +0100
Subject: [PATCH 2/2] Release version 3.0.1

---
 CHANGES.rst    | 8 ++++++++
 pyproject.toml | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index ef83f2905..6f801b97c 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,5 +1,13 @@
 .. currentmodule:: werkzeug
 
+Version 3.0.1
+-------------
+
+Released 2023-10-24
+
+-   Fix slow multipart parsing for large parts potentially enabling DoS
+    attacks. :cwe:`CWE-407`
+
 Version 3.0.0
 -------------
 
diff --git a/pyproject.toml b/pyproject.toml
index ec69c2015..70721a9a4 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "Werkzeug"
-version = "3.0.0"
+version = "3.0.1"
 description = "The comprehensive WSGI web application library."
 readme = "README.rst"
 license = {file = "LICENSE.rst"}