read_multipart will fail to parse a request when the first part is
exactly 10240 bytes long (including its header, the trailing boundary
and a CRLF).

The problem is that it makes one pass through the main loop (around line
992). It reads the body of the part (around line 1035), which then sets
buf to "". It then breaks out of the outer loop because buf.size == 0.
It does this even though content_length > 0. It then raises EOFError
since the boundary_end is "".

I have attached a patch for this bug which only breaks the outer loop if
buf.size == 0 && content_length == 0.

Thanks,
Tim

 



Attachment: ruby-changes.patch (application/octet-stream)
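
The alignment failure described in the report, reproduced on a simplified model of a chunked multipart reader. This is an added example, not part of the original message and not the cgi.rb source or the attached patch; `read_parts`, `build_request`, `outcome` and the boundary `XyZ` are hypothetical names, and the request is constructed.

```ruby
require "stringio"

EOL = "\r\n"
BUFSIZE = 10 * 1024 # read chunk size; matches the 10240-byte trigger in the report

# Simplified model of a chunked multipart reader (constructed; not cgi.rb itself).
# patched: false leaves the outer loop as soon as buf is empty;
# patched: true also requires that no request bytes remain unread.
def read_parts(io, boundary, content_length, patched:)
  delim = "--" + boundary
  first = io.read(delim.size + EOL.size)
  raise EOFError, "bad content body" unless first == delim + EOL
  content_length -= first.size
  buf = String.new
  bodies = []
  boundary_end = ""
  loop do
    # Keep reading until a complete delimiter line is in the buffer.
    until (m = /#{Regexp.quote(EOL + delim)}(#{EOL}|--)/.match(buf))
      c = io.read([BUFSIZE, content_length].min)
      raise EOFError, "bad content body" if c.nil? || c.empty?
      buf << c
      content_length -= c.size
    end
    _head, body = m.pre_match.split(EOL + EOL, 2)
    bodies << body
    boundary_end = m[1]
    buf = m.post_match
    break if boundary_end == "--"
    break if buf.empty? && (!patched || content_length == 0)
  end
  raise EOFError, "bad boundary end of body part" unless boundary_end == "--"
  bodies
end

# Constructed two-part request whose first part (header, body, trailing
# boundary and CRLF) is exactly first_part_size bytes long.
def build_request(boundary, first_part_size)
  delim = "--" + boundary
  head = %(Content-Disposition: form-data; name="a") + EOL + EOL
  tail = EOL + delim + EOL
  part1 = head + "x" * (first_part_size - head.size - tail.size) + tail
  part2 = %(Content-Disposition: form-data; name="b") + EOL + EOL + "second" + EOL + delim + "--" + EOL
  delim + EOL + part1 + part2
end

# Returns the number of parts parsed, or the EOFError message.
def outcome(first_part_size, patched)
  req = build_request("XyZ", first_part_size)
  read_parts(StringIO.new(req), "XyZ", req.bytesize, patched: patched).size
rescue EOFError => e
  e.message
end
```

Calling `outcome` with sizes one byte either side of 10240 shows that only the exact chunk-size alignment empties the buffer at a part boundary, which is why a regression test for this class of parser bug should pin the part length to the read size.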