[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] [PATCH] Yeti multipart/form-data parameter lossage

From: Christian Grothoff
Subject: Re: [libmicrohttpd] [PATCH] Yeti multipart/form-data parameter lossage
Date: Wed, 05 Dec 2012 19:27:01 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.10) Gecko/20121027 Icedove/10.0.10

Dear Matt,

Thanks for the patch! That one must have been hard to reproduce & find. Fixed as suggested in SVN 25267; MHD_VERSION >= 00091701 / MHD > 0.9.23.

Happy hacking!


On 12/05/2012 07:10 PM, Matthew Mundell wrote:

We've been having some mysterious parameter loss of POST parameters in
OpenVAS's GSA.  This only happens with IE8 and Chrome.  We saw this with
libmicrohttpd 0.9.19 and 0.9.20.

The cause looks to be an error in libmicrohttpd.  Patch to 0.9.20 to
resolve below.

In post_process_multipart in postprocessor.c the PP_Init state calls
find_boundary to find the first boundary.  If there is junk before the
first boundary it just reads over the junk.  However, it is also reading
over the actual boundary when there was too little data to determine
whether the next character is the start of the boundary.

In the error case Chrome seems to sends the POST request in multiple
writes.  The first chunk includes a single "-" from the first boundary at
end of the headers.  Thus libmicrohttpd has a partial boundary to deal

I guess Chrome intends to send just the headers but gets the count wrong
due to sending the initial P of the POST on its own (all the browsers do
that for some reason).  Firefox on the other hand sends the headers and the
body in a single write, so it always works.

Thanks, and thanks for libmicrohttpd!


*** src/daemon/postprocessor.c.orig.bak 2012-01-30 20:53:14.000000000 +0200
--- src/daemon/postprocessor.c  2012-11-30 19:55:07.000000000 +0200
*** 495,500 ****
--- 495,501 ----
         if (pp->state != PP_Init)
           pp->state = PP_Error;
+       ++(*ioffptr);
         return MHD_NO;            /* expected boundary */
     /* remove boundary from buffer */
*** 836,847 ****
              *>  anything that appears before the first boundary delimiter
              *>  line or after the last one.
!           if (MHD_NO == find_boundary (pp,
!                                        pp->boundary,
!                                        pp->blen,
!                                        PP_ProcessEntryHeaders, PP_Done))
!             ++ioff;
           case PP_NextBoundary:
             if (MHD_NO == find_boundary (pp,
--- 837,847 ----
              *>  anything that appears before the first boundary delimiter
              *>  line or after the last one.
!           find_boundary (pp,
!                          pp->boundary,
!                          pp->blen,
!                          PP_ProcessEntryHeaders, PP_Done);
           case PP_NextBoundary:
             if (MHD_NO == find_boundary (pp,

Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

reply via email to

[Prev in Thread] Current Thread [Next in Thread]