From: John Hollowell
To: pve-devel@lists.proxmox.com
Cc: John Hollowell
Date: Sun, 13 Nov 2022 23:48:10 +0000
Message-Id: <20221113234810.6642-2-jhollowe@johnhollowell.com>
In-Reply-To: <20221113234810.6642-1-jhollowe@johnhollowell.com>
References: <20221113234810.6642-1-jhollowe@johnhollowell.com>
Subject: [pve-devel] [PATCH http-server 1/1] fix #4344: http-server: ignore unused multipart headers

Signed-off-by: John Hollowell --- src/PVE/APIServer/AnyEvent.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm index f397a8c..d958642 100644 --- a/src/PVE/APIServer/AnyEvent.pm +++ b/src/PVE/APIServer/AnyEvent.pm 
@@ -1215,15 +1215,15 @@ sub file_upload_multipart { $extract_form_disposition->('checksum'); if ($hdl->{rbuf} =~ - s/^${delim_re} - Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re} - Content-Type:\ \S*\s+ - //sxx + s/^${delim_re}Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"//sxx ) { assert_form_disposition($1); die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename"; $rstate->{phase} = 2; $rstate->{params}->{filename} = trim($3); + + # remove any remaining multipart "headers" like Content-Type + $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s } } -- 2.30.2
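
Review bot: In the added line `$hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s`, the result of the substitution is not checked, and `$rstate->{phase} = 2` has already been set just above it. The rewritten main match now ends at `filename="([^"]+)"`, so it can succeed while the remaining part headers and the blank line that terminates them are not yet in `$hdl->{rbuf}`; in that case nothing is stripped and the leftover header bytes sit at the front of the buffer when phase 2 begins. The removed pattern only matched once the Content-Type line was fully buffered. Consider making the header skip part of the main match, for example by appending `.*?${newline_re}{2}` after the filename group, so the phase advances only when the whole header block is present. Minor: the new statement has no trailing semicolon, and the commit message has no body describing which client headers triggered #4344.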