From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 46804971C for ; Fri, 18 Nov 2022 02:40:11 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2EB0C3245C for ; Fri, 18 Nov 2022 02:39:41 +0100 (CET) Received: from mail-qt1-f182.google.com (mail-qt1-f182.google.com [209.85.160.182]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Fri, 18 Nov 2022 02:39:40 +0100 (CET) Received: by mail-qt1-f182.google.com with SMTP id w9so2302133qtv.13 for ; Thu, 17 Nov 2022 17:39:40 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WMgzx7tMtJc5NnqC4z90fzPi5oV/okHf7nJJWpk424U=; b=qAukM1QQkSrByd2QQoHsT1/rmQmnuLbqtYd0ByIi7Uo3ac5kPE90KMKkt9Jg1N54/K iHlOF1k7XvKqDF3zJ2wq7ugO8WtJ6SSBw73HmNIpCZlSxpcmJRq2d52IulY2wCdQ1sbK zhtiWwmZUoWKQj9AO5+SpJCQop4mIbKcKHLwmOb0SI/xD3N/NN0ZdYfACA1zvkI/fJgb 7czrFluW02hPTv+/AddAR5xPn1BBRWcJSr6duLdsALiUciFarpQ0v3AXlkod52QX/ow2 y0iE1ismiAl4io8DcE37Cwv7pfqLF+eWID+X1z9dXyNKQP+BmX6UbKxFG1oqUd/2QyMh Fgxg== X-Gm-Message-State: ANoB5pnq3d5QKe6qSyq7j5pcq+RWt0N6xO47G19dsmprzwQlyKTIFa9E dfa86ZCUaNboyk/PZU8qGGVfG/YOO4N/Jw== X-Google-Smtp-Source: AA0mqf6PZhlF6BkYUj8EvuHS+U0hq2xwgLHDt0yA21eezGeL3sXrkuZNfJaDhh9FXGEP2FbzUjRkEA== X-Received: by 2002:ac8:67c5:0:b0:3a4:f665:7791 with SMTP id r5-20020ac867c5000000b003a4f6657791mr4961498qtp.380.1668735571600; Thu, 17 Nov 2022 17:39:31 -0800 (PST) Received: from smtprelay.homelab.johnhollowell.com (cpe-76-182-68-238.nc.res.rr.com. [76.182.68.238]) by smtp.gmail.com with UTF8SMTPSA id ay34-20020a05620a17a200b006b929a56a2bsm1574475qkb.3.2022.11.17.17.39.31 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Thu, 17 Nov 2022 17:39:31 -0800 (PST) Received: from localhost.localdomain ([10.50.0.102]) by smtprelay.homelab.johnhollowell.com with ESMTP; Thu, 17 Nov 2022 20:39:29 -0500 (EST) From: John Hollowell To: pve-devel@lists.proxmox.com Cc: John Hollowell Date: Fri, 18 Nov 2022 01:39:10 +0000 Message-Id: <20221118013911.2655-2-jhollowe@johnhollowell.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221118013911.2655-1-jhollowe@johnhollowell.com> References: <20221118013911.2655-1-jhollowe@johnhollowell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: =?UTF-8?Q?0=0A=09?=AWL 0.081 Adjusted score from AWL reputation of From: =?UTF-8?Q?address=0A=09?=BAYES_00 -1.9 Bayes spam probability is 0 to 1% FREEMAIL_FORGED_FROMDOMAIN 0.001 2nd level domains in From and EnvelopeFrom freemail headers are =?UTF-8?Q?different=0A=09?=FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail =?UTF-8?Q?provider=0A=09?=HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are =?UTF-8?Q?different=0A=09?=KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict =?UTF-8?Q?Alignment=0A=09?=RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no =?UTF-8?Q?trust=0A=09?=RCVD_IN_MSPIKE_H3 0.001 Good reputation (+3) RCVD_IN_MSPIKE_WL 0.001 Mailspike good =?UTF-8?Q?senders=0A=09?=SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF =?UTF-8?Q?Record=0A=09?=SPF_PASS -0.001 SPF: sender matches SPF =?UTF-8?Q?record=0A=09?=URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [anyevent.pm] Subject: [pve-devel] [PATCH v2 http-server 1/2] fix #4344: http-server: ignore unused multipart headers X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Nov 2022 01:40:11 -0000 Signed-off-by: John Hollowell --- src/PVE/APIServer/AnyEvent.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm index f397a8c..d958642 100644 --- a/src/PVE/APIServer/AnyEvent.pm +++ b/src/PVE/APIServer/AnyEvent.pm @@ -1215,15 +1215,15 @@ sub file_upload_multipart { $extract_form_disposition->('checksum'); if ($hdl->{rbuf} =~ - s/^${delim_re} - Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"${newline_re} - Content-Type:\ \S*\s+ - //sxx + s/^${delim_re}Content-Disposition:\ (.*?);\ name="(.*?)";\ filename="([^"]+)"//sxx ) { assert_form_disposition($1); die "wrong field name '$2' for file upload, expected 'filename'" if $2 ne "filename"; $rstate->{phase} = 2; $rstate->{params}->{filename} = trim($3); + + # remove any remaining multipart "headers" like Content-Type + $hdl->{rbuf} =~ s/^.*?${newline_re}{2}//s } } -- 2.30.2