http: complete multipart until request.body-limit

In the case we are truncating a multipart file because of reaching request.body-limit, we used to not consume the whole buffer, but keep expected_boundary_len bytes in case a new boundary begins in these bytes. Even if we cannot check the complete boundary, we can still check the first bytes, as will be done in the rust version. Ticket: #5952 (cherry picked from commit 578f328) (cherry picked from commit caf9940)
OISF · Apr 5, 2023 · 92fdb67 · 92fdb67
1 parent 2c60033
commit 92fdb67
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c
@@ -1438,6 +1438,16 @@ static int HtpRequestBodyHandleMultipart(HtpState *hstate, HtpTxUserData *htud,
             if (chunks_buffer_len > expected_boundary_end_len) {
                 const uint8_t *filedata = chunks_buffer;
                 uint32_t filedata_len = chunks_buffer_len - expected_boundary_len;
+                for (; filedata_len < chunks_buffer_len; filedata_len++) {
+                    // take as much as we can until the beginning of a new line
+                    if (chunks_buffer[filedata_len] == '\r') {
+                        if (filedata_len + 1 == chunks_buffer_len ||
+                                chunks_buffer[filedata_len + 1] == '\n') {
+                            break;
+                        }
+                    }
+                }
+
 #ifdef PRINT
                 printf("FILEDATA (part) START: \n");
                 PrintRawDataFp(stdout, filedata, filedata_len);