1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
From 4e5a313524da62600eb59dbf98624cfe946456f8 Mon Sep 17 00:00:00 2001
From: Emmanuel T Odeke <emmanuel@orijtech.com>
Date: Tue, 20 Oct 2020 04:11:12 -0700
Subject: [PATCH] net/http: test that ParseMultipartForm catches overflows
Tests that if the combination of:
* HTTP multipart file payload size
* ParseMultipartForm's maxMemory parameter
* the internal leeway buffer size of 10MiB
overflows, then we'll report an overflow instead of silently
passing.
Reapplies and fixes CL 254977, which was reverted in CL 263658.
The prior test lacked a res.Body.Close(), so fixed that and
added a leaked Transport check to verify correctness.
Updates 40430.
Change-Id: I3c0f7ef43d621f6eb00f07755f04f9f36c51f98f
Reviewed-on: https://go-review.googlesource.com/c/go/+/263817
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
Trust: Damien Neil <dneil@google.com>
Upstream-Status: Backport [https://github.com/golang/go/commit/4e5a313524da62600eb59dbf98624cfe946456f8]
CVE: CVE-2022-41725 #Dependency Patch2
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
src/net/http/request_test.go | 45 ++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go
index b4ef472e71229..19526b9ad791a 100644
--- a/src/net/http/request_test.go
+++ b/src/net/http/request_test.go
@@ -13,6 +13,7 @@ import (
"fmt"
"io"
"io/ioutil"
+ "math"
"mime/multipart"
. "net/http"
"net/http/httptest"
@@ -245,6 +246,50 @@ func TestParseMultipartForm(t *testing.T) {
}
}
+// Issue #40430: Test that if maxMemory for ParseMultipartForm when combined with
+// the payload size and the internal leeway buffer size of 10MiB overflows, that we
+// correctly return an error.
+func TestMaxInt64ForMultipartFormMaxMemoryOverflow(t *testing.T) {
+ defer afterTest(t)
+
+ payloadSize := 1 << 10
+ cst := httptest.NewServer(HandlerFunc(func(rw ResponseWriter, req *Request) {
+ // The combination of:
+ // MaxInt64 + payloadSize + (internal spare of 10MiB)
+ // triggers the overflow. See issue https://golang.org/issue/40430/
+ if err := req.ParseMultipartForm(math.MaxInt64); err != nil {
+ Error(rw, err.Error(), StatusBadRequest)
+ return
+ }
+ }))
+ defer cst.Close()
+ fBuf := new(bytes.Buffer)
+ mw := multipart.NewWriter(fBuf)
+ mf, err := mw.CreateFormFile("file", "myfile.txt")
+ if err != nil {
+ t.Fatal(err)
+ }
+ if _, err := mf.Write(bytes.Repeat([]byte("abc"), payloadSize)); err != nil {
+ t.Fatal(err)
+ }
+ if err := mw.Close(); err != nil {
+ t.Fatal(err)
+ }
+ req, err := NewRequest("POST", cst.URL, fBuf)
+ if err != nil {
+ t.Fatal(err)
+ }
+ req.Header.Set("Content-Type", mw.FormDataContentType())
+ res, err := cst.Client().Do(req)
+ if err != nil {
+ t.Fatal(err)
+ }
+ res.Body.Close()
+ if g, w := res.StatusCode, StatusBadRequest; g != w {
+ t.Fatalf("Status code mismatch: got %d, want %d", g, w)
+ }
+}
+
func TestRedirect_h1(t *testing.T) { testRedirect(t, h1Mode) }
func TestRedirect_h2(t *testing.T) { testRedirect(t, h2Mode) }
func testRedirect(t *testing.T, h2 bool) {
|
