Skip to content

Commit 874b313

Browse files
avivklasodeke-em
avivklas
authored and
odeke-em
committed
mime/multipart: return overflow errors in Reader.ReadForm
Updates Reader.ReadForm to check for overflow errors that may result from a leeway addition of 10MiB to the input argument maxMemory. Fixes #40430 Change-Id: I510b8966c95c51d04695ba9d08fcfe005fd11a5d Reviewed-on: https://go-review.googlesource.com/c/go/+/247477 Run-TryBot: Emmanuel Odeke <[email protected]> Trust: Cuong Manh Le <[email protected]> Trust: Emmanuel Odeke <[email protected]> TryBot-Result: Go Bot <[email protected]> Reviewed-by: Emmanuel Odeke <[email protected]>
1 parent 05b626e commit 874b313

File tree

2 files changed

+22
-0
lines changed

2 files changed

+22
-0
lines changed

src/mime/multipart/formdata.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ package multipart
77
import (
88
"bytes"
99
"errors"
10+
"fmt"
1011
"io"
1112
"io/ioutil"
1213
"net/textproto"
@@ -41,6 +42,9 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) {
4142

4243
// Reserve an additional 10 MB for non-file parts.
4344
maxValueBytes := maxMemory + int64(10<<20)
45+
if maxValueBytes <= 0 {
46+
return nil, fmt.Errorf("multipart: integer overflow from maxMemory(%d) + 10MiB for non-file parts", maxMemory)
47+
}
4448
for {
4549
p, err := r.NextPart()
4650
if err == io.EOF {

src/mime/multipart/formdata_test.go

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ package multipart
77
import (
88
"bytes"
99
"io"
10+
"math"
1011
"os"
1112
"strings"
1213
"testing"
@@ -52,6 +53,23 @@ func TestReadFormWithNamelessFile(t *testing.T) {
5253
}
5354
}
5455

56+
// Issue 40430: Ensure that we report integer overflows in additions of maxMemory,
57+
// instead of silently and subtly failing without indication.
58+
func TestReadFormMaxMemoryOverflow(t *testing.T) {
59+
b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n"))
60+
r := NewReader(b, boundary)
61+
f, err := r.ReadForm(math.MaxInt64)
62+
if err == nil {
63+
t.Fatal("Unexpected a non-nil error")
64+
}
65+
if f != nil {
66+
t.Fatalf("Unexpected returned a non-nil form: %v\n", f)
67+
}
68+
if g, w := err.Error(), "integer overflow from maxMemory"; !strings.Contains(g, w) {
69+
t.Errorf(`Error mismatch\n%q\ndid not contain\n%q`, g, w)
70+
}
71+
}
72+
5573
func TestReadFormWithTextContentType(t *testing.T) {
5674
// From https://github.com/golang/go/issues/24041
5775
b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n"))

0 commit comments

Comments
 (0)