

mime/multipart: limit line length to prevent abuse
Fixes #1528

R=rsc
CC=golang-dev
https://golang.org/cl/4425060
bradfitz committed Apr 21, 2011
1 parent 256df10 commit ee154f5
Showing 2 changed files with 36 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/pkg/mime/multipart/multipart.go
Expand Up @@ -97,10 +97,11 @@ func newPart(mr *multiReader) (bp *Part, err os.Error) {

func (bp *Part) populateHeaders() os.Error {
for {
line, err := bp.mr.bufReader.ReadString('\n')
lineBytes, err := bp.mr.bufReader.ReadSlice('\n')
if err != nil {
return err
}
line := string(lineBytes)
if line == "\n" || line == "\r\n" {
return nil
}
Expand Down Expand Up @@ -179,11 +180,12 @@ func (mr *multiReader) eof() bool {
}

func (mr *multiReader) readLine() bool {
line, err := mr.bufReader.ReadString('\n')
lineBytes, err := mr.bufReader.ReadSlice('\n')
if err != nil {
// TODO: care about err being EOF or not?
return false
}
line := string(lineBytes)
mr.bufferedLine = &line
return true
}
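Review bot: In readLine the bufio.ErrBufferFull that ReadSlice now returns for an over-long line falls into the pre-existing `return false` under the TODO, so a line exceeding the reader's buffer is reported exactly like end of input; if NextPart treats false as "no more parts" (its handling is outside this hunk), a rejected oversize line would look like a clean end of the body rather than a malformed one. The limit itself is also implicit: it is whatever size bufReader was created with elsewhere in the file, and neither call site names it. A comment at both ReadSlice calls would make the bound discoverable: `// ReadSlice never reads past bufReader's buffer, so an over-long line fails with bufio.ErrBufferFull; that buffer size is the line-length limit.` The `line := string(lineBytes)` copy deserves a one-liner too, since the slice is only valid until bufReader's next read: `// copy: the slice is reused by the next read`. The same applies to the populateHeaders hunk above, where the error is at least propagated (that function continues past its hunk).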
32 changes: 32 additions & 0 deletions src/pkg/mime/multipart/multipart_test.go
Expand Up @@ -9,6 +9,7 @@ import (
"fmt"
"io"
"json"
"os"
"regexp"
"strings"
"testing"
Expand Down Expand Up @@ -205,3 +206,34 @@ func TestVariousTextLineEndings(t *testing.T) {

}
}

type maliciousReader struct {
t *testing.T
n int
}

const maxReadThreshold = 1 << 20

func (mr *maliciousReader) Read(b []byte) (n int, err os.Error) {
mr.n += len(b)
if mr.n >= maxReadThreshold {
mr.t.Fatal("too much was read")
return 0, os.EOF
}
return len(b), nil
}

func TestLineLimit(t *testing.T) {
mr := &maliciousReader{t: t}
r := NewReader(mr, "fooBoundary")
part, err := r.NextPart()
if part != nil {
t.Errorf("unexpected part read")
}
if err == nil {
t.Errorf("expected an error")
}
if mr.n >= maxReadThreshold {
t.Errorf("expected to read < %d bytes; read %d", maxReadThreshold, mr.n)
}
}
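Review bot: TestLineLimit only checks that NextPart fails and that fewer than 1 MiB were read, so it cannot distinguish the intended rejection (bufio.ErrBufferFull from the bounded ReadSlice) from any other early error, and the 1<<20 threshold bears no stated relation to the reader's actual buffer size; if NextPart surfaces the underlying error, pinning it would make the test specific, e.g. `if err != bufio.ErrBufferFull { t.Errorf("expected bufio.ErrBufferFull, got %v", err) }` (with "bufio" added to the import hunk above). maliciousReader.Read reports len(b) bytes without writing into b, which is presumably what keeps a '\n' from ever appearing — relying on bufio's zero-initialized buffer — and that deserves a comment: `// Read claims len(b) bytes but writes none, so no '\n' ever arrives and the line never ends.` The `return 0, os.EOF` after mr.t.Fatal looks unreachable if Fatal ends the test goroutine as FailNow does; either drop it or comment why it is kept. A short comment on maxReadThreshold saying it is a generous upper bound, not the expected limit, would also help the next reader.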
