From: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH v3 http-server 1/3] multipart upload: fix upload of files starting with newlines
Date: Mon, 12 Dec 2022 17:05:38 +0100 [thread overview]
Message-ID: <66c5e78a-b26e-bace-5e90-9e09684f5fb9@proxmox.com> (raw)
In-Reply-To: <20221212150756.221191-1-m.heiserer@proxmox.com>
Testing this series in the Browser, with curl and postman, I couldn't
find any issues anymore, more details below. Code looks good to me as well.
Tested-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
Reviewed-by: Daniel Tschlatscher <d.tschlatscher@proxmox.com>
Browser/GUI:
✅ Uploading files with 0B, 1B, 1kB, 17kB, 1MB, 1GB, 10GB
✅ Uploading file with a SHA256 checksum
In curl and Postman:
✅ Changing the extension in the first boundary (error)
✅ Adding additional headers leading or trailing (ignored)
✅ Specifying no headers in first boundary (error)
✅ Inconsistent boundary parameter in the Content-Type header (error)
✅ Inconsistent boundary in the body (error)
✅ Whitespaces at the beginning of the file are not discarded
✅ Arbitrary input after the last boundary
✅ Nothing after last boundary
✅ Mixed \n and \r\n in body
On 12/12/22 16:07, Matthias Heiserer wrote:
> Currently, if a file starts with a newline, it gets removed
> and the uploda succeeds (provided no hash is given).
>
> Signed-off-by: Matthias Heiserer <m.heiserer@proxmox.com>
> ---
> src/PVE/APIServer/AnyEvent.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
> index f397a8c..545c122 100644
> --- a/src/PVE/APIServer/AnyEvent.pm
> +++ b/src/PVE/APIServer/AnyEvent.pm
> @@ -1217,7 +1217,7 @@ sub file_upload_multipart {
> if ($hdl->{rbuf} =~
> s/^${delim_re}
> Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re}
> - Content-Type:\ \S*\s+
> + Content-Type:\ \S*${newline_re}{2}
> //sxx
> ) {
> assert_form_disposition($1);
next prev parent reply other threads:[~2022-12-12 16:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-12 15:07 Matthias Heiserer
2022-12-12 15:07 ` [pve-devel] [PATCH v3 http-server 2/3] fix multipart upload: ignore additional headers Matthias Heiserer
2022-12-12 15:07 ` [pve-devel] [PATCH v3 http-server 3/3] multipart upload: don't require trailing newline Matthias Heiserer
2022-12-12 16:05 ` Daniel Tschlatscher [this message]
2022-12-13 12:25 ` [pve-devel] applied-series: [PATCH v3 http-server 1/3] multipart upload: fix upload of files starting with newlines Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=66c5e78a-b26e-bace-5e90-9e09684f5fb9@proxmox.com \
--to=d.tschlatscher@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal