[pve-devel] [PATCH v3 http-server 1/3] multipart upload: fix upload of files starting with newlines
Daniel Tschlatscher
d.tschlatscher at proxmox.com
Mon Dec 12 17:05:38 CET 2022
Testing this series in the Browser, with curl and postman, I couldn't
find any issues anymore, more details below. Code looks good to me as well.
Tested-by: Daniel Tschlatscher <d.tschlatscher at proxmox.com>
Reviewed-by: Daniel Tschlatscher <d.tschlatscher at proxmox.com>
Browser/GUI:
✅ Uploading files with 0B, 1B, 1kB, 17kB, 1MB, 1GB, 10GB
✅ Uploading file with a SHA256 checksum
In curl and Postman:
✅ Changing the extension in the first boundary (error)
✅ Adding additional headers leading or trailing (ignored)
✅ Specifying no headers in first boundary (error)
✅ Inconsistent boundary parameter in the Content-Type header (error)
✅ Inconsistent boundary in the body (error)
✅ Whitespaces at the beginning of the file are not discarded
✅ Arbitrary input after the last boundary
✅ Nothing after last boundary
✅ Mixed \n and \r\n in body
On 12/12/22 16:07, Matthias Heiserer wrote:
> Currently, if a file starts with a newline, it gets removed
> and the uploda succeeds (provided no hash is given).
>
> Signed-off-by: Matthias Heiserer <m.heiserer at proxmox.com>
> ---
> src/PVE/APIServer/AnyEvent.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
> index f397a8c..545c122 100644
> --- a/src/PVE/APIServer/AnyEvent.pm
> +++ b/src/PVE/APIServer/AnyEvent.pm
> @@ -1217,7 +1217,7 @@ sub file_upload_multipart {
> if ($hdl->{rbuf} =~
> s/^${delim_re}
> Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re}
> - Content-Type:\ \S*\s+
> + Content-Type:\ \S*${newline_re}{2}
> //sxx
> ) {
> assert_form_disposition($1);
More information about the pve-devel
mailing list