Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

We’re showing branches in this repository, but you can also compare across forks.

base fork: felixge/node-formidable
base: v0.9.1
...
head fork: felixge/node-formidable
compare: v0.9.2
  • 3 commits
  • 4 files changed
  • 0 commit comments
  • 1 contributor
Commits on Jun 22, 2010
Felix Geisendörfer Fix: Trailing boundary-like data caused parse error
When we discard a started boundary at the end of a part's data block,
we need to re-consider the current character as it could be the
beginning of a new boundary sequence itself.

See: http://github.com/felixge/node-formidable/issues#issue/2
7429179
Felix Geisendörfer Handle empty header fields correctly
Discovered by: Hongli Lai
30e715a
Felix Geisendörfer Bump version a12f8a9
10 lib/formidable/multipart_parser.js
View
@@ -143,6 +143,7 @@ MultipartParser.prototype.write = function(buffer) {
case S.HEADER_FIELD_START:
state = S.HEADER_FIELD;
mark('headerField');
+ index = 0;
case S.HEADER_FIELD:
if (c == CR) {
clear('headerField');
@@ -150,11 +151,16 @@ MultipartParser.prototype.write = function(buffer) {
break;
}
+ index++;
if (c == HYPHEN) {
break;
}
if (c == COLON) {
+ if (index == 1) {
+ // empty header field
+ return i;
+ }
dataCallback('headerField', true);
state = S.HEADER_VALUE_START;
break;
@@ -275,6 +281,10 @@ MultipartParser.prototype.write = function(buffer) {
callback('partData', lookbehind, 0, prevIndex);
prevIndex = 0;
mark('partData');
+
+ // reconsider the current character even so it interrupted the sequence
+ // it could be the beginning of a new sequence
+ i--;
}
break;
2  package.json
View
@@ -1,5 +1,5 @@
{ "name" : "formidable"
-, "version": "0.9.1"
+, "version": "0.9.2"
, "dependencies": {"gently": ">=0.7.0"}
, "directories" : { "lib" : "./lib/formidable" }
, "main" : "./lib/formidable/index"
21 test/fixture/multipart.js
View
@@ -12,7 +12,7 @@ exports['rfc1867'] =
'content-disposition: form-data; name="pics"; filename="file1.txt"\r\n'+
'Content-Type: text/plain\r\n'+
'\r\n'+
- '... contents of file1.txt ...\r\n'+
+ '... contents of file1.txt ...\r\r\n'+
'--AaB03x--\r\n'
, parts:
[ { headers:
@@ -24,7 +24,24 @@ exports['rfc1867'] =
{ 'content-disposition': 'form-data; name="pics"; filename="file1.txt"'
, 'Content-Type': 'text/plain'
}
- , data: '... contents of file1.txt ...'
+ , data: '... contents of file1.txt ...\r'
}
]
+ };
+
+exports['emptyHeader'] =
+ { boundary: 'AaB03x'
+ , raw:
+ '--AaB03x\r\n'+
+ 'content-disposition: form-data; name="field1"\r\n'+
+ ': foo\r\n'+
+ '\r\n'+
+ 'Joe Blow\r\nalmost tricked you!\r\n'+
+ '--AaB03x\r\n'+
+ 'content-disposition: form-data; name="pics"; filename="file1.txt"\r\n'+
+ 'Content-Type: text/plain\r\n'+
+ '\r\n'+
+ '... contents of file1.txt ...\r\r\n'+
+ '--AaB03x--\r\n'
+ , expectError: true
};
7 test/integration/test-multipart-parser.js
View
@@ -68,12 +68,19 @@ Object.keys(fixtures).forEach(function(name) {
nparsed = parser.write(chunk);
if (nparsed != chunk.length) {
+ if (fixture.expectError) {
+ return;
+ }
puts('-- ERROR --');
p(chunk.toString('ascii'));
throw new Error(chunk.length+' bytes written, but only '+nparsed+' bytes parsed!');
}
}
+ if (fixture.expectError) {
+ throw new Error('expected parse error did not happen');
+ }
+
assert.ok(endCalled);
assert.deepEqual(parts, fixture.parts);
});

No commit comments for this range

Something went wrong with that request. Please try again.