Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Correctly handle transport-padding after boundaries. #29

Merged
merged 1 commit into from
Mar 27, 2021

Conversation

jebrosen
Copy link
Contributor

Fixes #25.

I'm also installing cargo-fuzz so that I can try it out with these changes and (if wanted) add some transport-padding to the seeds.

tests/integration.rs Outdated Show resolved Hide resolved
@rousan
Copy link
Member

rousan commented Feb 16, 2021

@jebrosen , @SergioBenitez , any plan for new release?

@SergioBenitez
Copy link
Member

@rousan Yes, very soon. I also have a few updates to multer itself that break compatibility that I'd like to get in before the release. I'll update you within a week's time.

@SergioBenitez
Copy link
Member

@jebrosen Could you rebase on master? Then this should be ready for a release.


if state.stage == StreamingStage::DeterminingBoundaryType {
let ext_len = constants::BOUNDARY_EXT.len();
let next_bytes = match stream_buffer.peek_exact(ext_len) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this check is necessary (including the new peek_exact function) to verify that it is --boundary-- or --boundary[whitespace]CRLF and not --boundaryZZ..., but I would love to be proven wrong.

Copy link
Member

@SergioBenitez SergioBenitez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor changes, but otherwise looks really good to me!

src/buffer.rs Outdated Show resolved Hide resolved
src/buffer.rs Outdated Show resolved Hide resolved
src/multipart.rs Outdated Show resolved Hide resolved
'transport-padding' is defined as any amount of linear whitespace (space
or horizontal tab) between a boundary and its corresponding newline.

See also https://tools.ietf.org/html/rfc2046#section-5.1.1

Fixes rwf2#25.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Consider allowing whitespaces after the boundary and before the CRLF
3 participants