1
0
mirror of https://github.com/golang/go synced 2024-11-21 19:04:44 -07:00

mime/multipart: limit line length to prevent abuse

Fixes #1528

R=rsc
CC=golang-dev
https://golang.org/cl/4425060
This commit is contained in:
Brad Fitzpatrick 2011-04-21 10:45:49 -07:00
parent 256df10eae
commit ee154f5df5
2 changed files with 36 additions and 2 deletions

View File

@ -97,10 +97,11 @@ func newPart(mr *multiReader) (bp *Part, err os.Error) {
func (bp *Part) populateHeaders() os.Error {
for {
line, err := bp.mr.bufReader.ReadString('\n')
lineBytes, err := bp.mr.bufReader.ReadSlice('\n')
if err != nil {
return err
}
line := string(lineBytes)
if line == "\n" || line == "\r\n" {
return nil
}
@ -179,11 +180,12 @@ func (mr *multiReader) eof() bool {
}
func (mr *multiReader) readLine() bool {
line, err := mr.bufReader.ReadString('\n')
lineBytes, err := mr.bufReader.ReadSlice('\n')
if err != nil {
// TODO: care about err being EOF or not?
return false
}
line := string(lineBytes)
mr.bufferedLine = &line
return true
}

View File

@ -9,6 +9,7 @@ import (
"fmt"
"io"
"json"
"os"
"regexp"
"strings"
"testing"
@ -205,3 +206,34 @@ func TestVariousTextLineEndings(t *testing.T) {
}
}
type maliciousReader struct {
t *testing.T
n int
}
const maxReadThreshold = 1 << 20
func (mr *maliciousReader) Read(b []byte) (n int, err os.Error) {
mr.n += len(b)
if mr.n >= maxReadThreshold {
mr.t.Fatal("too much was read")
return 0, os.EOF
}
return len(b), nil
}
func TestLineLimit(t *testing.T) {
mr := &maliciousReader{t: t}
r := NewReader(mr, "fooBoundary")
part, err := r.NextPart()
if part != nil {
t.Errorf("unexpected part read")
}
if err == nil {
t.Errorf("expected an error")
}
if mr.n >= maxReadThreshold {
t.Errorf("expected to read < %d bytes; read %d", maxReadThreshold, mr.n)
}
}