From patchwork Fri Sep 15 10:40:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Glembotzki X-Patchwork-Id: 1834847 X-Patchwork-Delegate: sbabic@denx.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20230601 header.b=Qqswmkcw; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=C5s4hXWE; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::138; helo=mail-lf1-x138.google.com; envelope-from=swupdate+bncbdy5juxlviebb37jscuamgqebv5owkq@googlegroups.com; receiver=patchwork.ozlabs.org) Received: from mail-lf1-x138.google.com (mail-lf1-x138.google.com [IPv6:2a00:1450:4864:20::138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4Rn9jh1M8kz1yhZ for ; Fri, 15 Sep 2023 20:41:58 +1000 (AEST) Received: by mail-lf1-x138.google.com with SMTP id 2adb3069b0e04-4fe55c417fcsf2360987e87.0 for ; Fri, 15 Sep 2023 03:41:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1694774513; cv=pass; d=google.com; s=arc-20160816; b=fPp3GkgbQx2LAgOlKlxpGaDzxmIdmGcpG/zjOvBW6hR1CcoZPZdPkp2q1vOOhHjSxm kYuJ8GnhqdZvSVBiruZL7IbSWvoALV60bpUyoPknHMbI9WjNMLoLo2SVNOsJe9jmI7fJ pFYb39VnnWFnGHkj+lDg170sxMEULQIl0+rJsWIKyEvfZdTYbJg8kBzAQ2uq1w26Th+V IhqiH9EIBZx5htn2RPiii+IvfG+4HL9SxX2NilZq70yxJGiAVcPHAmCgmSGw7KTfNfjo 41PmROwgyMtKw/Jy5BGgJKWXceYicQ5diy73Mz50B22aio2dTNAK1oztuKkzMw0BSJZX wBKw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:message-id:date :subject:cc:to:from:sender:dkim-signature:dkim-signature; bh=+8AnJ+lodpYu3OxSHuok0cerU62SI/3NLnWj9mQiJms=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=QT43oDIrg9vCz9ZcAL3Z4jW6JdPgHYNf64xM0sS17gUdN4bI9QP4GSTC6PdFfsRUXM 15D1STwmJrh1PXC7a4r4tu4bUylcv6DQija7kXVS3ZWGSbVo+EHZ3e7J0QhUkusFYaJN KxiPyYTz7ltGFm7KIbtN5xYRekwvCQfU2Tt1pxWjtjBCUAODX0UKhlFN9ICpZaiGtHO/ ET2Z06NniCLFtFrEVSMbEeS4+KvTRJNjdlcMQnoCkORf2xXJoLVfNKKPVbR+hdm0/K1t gQMhgJIrBeDic/4irCUiojAUiCpBu/gwTCe8KBl0MfKNrCgvIJ7kl6sA9wKqoO4cQ5Bt 8X6g== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=NwB+EHP8; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1694774513; x=1695379313; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:cc:to:from :sender:from:to:cc:subject:date:message-id:reply-to; bh=+8AnJ+lodpYu3OxSHuok0cerU62SI/3NLnWj9mQiJms=; b=Qqswmkcwy8iVZzt2xHIKUUvVHyW8jv8KsJ6TxOfooWDTtFx9iUmW/ota9xbXTQBlMm GwTF4tk3fg2st+NiHR+QWYt4BRHm8YYG4yYXnBjx5qgzkkGJsPB96MrgwW2e5IsKGCq9 W4qz0F05/KlEis5JC50JseQ1jWBctKAa0KeU+YGxG1wHPLr5eVChMDZYI+osUUKKmGg9 Hf3h7cHQkikJSh+cjyknx4IZXHeISsikxWs6DWbob2C5cettok/wn6YzO8poOJaIdQtO NoIAZ6nC46QCAb7TRns52TW6ws7VvdbRPaDdoEk4C9ObhXDCk9aIBgRqJDPXdy0tf3YB nJcQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1694774513; x=1695379313; darn=patchwork.ozlabs.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:mime-version:message-id:date:subject:cc:to:from :from:to:cc:subject:date:message-id:reply-to; bh=+8AnJ+lodpYu3OxSHuok0cerU62SI/3NLnWj9mQiJms=; b=C5s4hXWELNFBxEG9kVWyyIM6asPwIimyxperxYMXPBYSCzfxx+BIfCoy6TeFGwn0ae HeXIUefBKYq2T8I3cLZarjztZczngVLpwUgxFiazPVS8sIauiZuL1zGaU3TqffGL0rZT HN+fargY1AYP/uOTIbxMq8sIJQy6ySWjF0lxF6+DdtRqvmR2H2ohtTL8D5Pn3FQwPcOv 5izbgBzjbSwmyx5UKAlO7vjahfnIGawi2XZev/w0v28BFhSxEC1svhdXE+2+M3gFGMJ9 M78J7eRrzeqRbYqBWnhSZxXixI/FKTuwcwTQyFUM2Zz/2zuHhWMQ8qo5xnpoQQVfCnwg 03QA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694774513; x=1695379313; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=+8AnJ+lodpYu3OxSHuok0cerU62SI/3NLnWj9mQiJms=; b=NGzyVzy2A1OAm7koaDbMEbWarqZOJqJ3ar2FEKdqr+wyIV5CbNXzgd4Jl0V8GbyNpg kEgn9zm0wPe7OeHLFdRNVqzr43WEIwF3uvTNwRzoA4oFCNHAetA3ULiYy3FbJisZeqbu +QuByR+hzsqTxSgPgb/FxFJp9AAY0fO065MQmKbeZPDGrIEcEzH9xnfZbqgkXbY/AjY+ 7EVy/em0758eJPAaa0qHLCiB0HYV8Bs9t2EC4SM3olaPklgJ5RQfi+8S1zW4K/XlHWve AjfOmhDXZyn56NY3VZG/D/Ln+CXkOkiOT6qvhIQXAabex8KTNt0FLjrA7viI8XmbxoQV zLVg== Sender: swupdate@googlegroups.com X-Gm-Message-State: AOJu0YxJpWro+0hA4QEHfrulLHpBCIIYeCCE4DjpgFljnOuUrcqzpURq vpS4qjPg5xHN+hfLhQtW91s= X-Google-Smtp-Source: AGHT+IFLoUSQQfbfHefJ3CNTUhl2dH9U5eP0sI6HJN+BlCuctEArJycf2qTBqGvmrFNk4OYWpsoqYw== X-Received: by 2002:a2e:8898:0:b0:2b6:ccd6:3ec2 with SMTP id k24-20020a2e8898000000b002b6ccd63ec2mr1186463lji.36.1694774512426; Fri, 15 Sep 2023 03:41:52 -0700 (PDT) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a2e:8558:0:b0:2bb:94e3:fea9 with SMTP id u24-20020a2e8558000000b002bb94e3fea9ls56215ljj.2.-pod-prod-02-eu; Fri, 15 Sep 2023 03:41:50 -0700 (PDT) X-Received: by 2002:a2e:b002:0:b0:2bc:f78a:e5e0 with SMTP id y2-20020a2eb002000000b002bcf78ae5e0mr1151762ljk.43.1694774510027; Fri, 15 Sep 2023 03:41:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694774510; cv=none; d=google.com; s=arc-20160816; b=UzFfbROJJjn1KGUE/O7u169Kwj4QiENq8Rho0/rIKsbjQo6J86Qn38VKxVyS0demjz uiBvW3p5d9Ybbxq0b8elAUHI12t+hIesKLRnCyoX1za8nGC3QRWYKOC63upQcLpJIfFQ SG3SX2czWpMO3GODVPiMrzC/+GClP6+Wm98edE1T43HzlLZNhD0pBBd/NiCM6w5MGkbD iG/RiSt9taf/mcDrO8ykzcpiGYeB1TyffJYxl5sLKaLzLmnstqGmxbdptVXNfxpVyJBR aFhcyhGmwcfGp4H91Ci6qnt16t3iywPdfjBJPL8FcPk1PVDbAd6Zee2wY1ojM7SwwcM/ xlLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature; bh=suZ7H6hpiR3/scvoy69Yulqkw6TKrX4aGanjUEskcXY=; fh=zydHuzCQWrku2OPQyZfraJZFcOpEXLQ/YBcu3QNiBd0=; b=my9cSMowDNxS/V5U0box56VtlbR6yQu2HGJbLeO39fOsfqBAgcjqe9H2zZEQNHFyri 13SY/w48D57Gb+TyZWcdfxfjJ9mUmeykWdTxqprOs9Ijf8yiIVe34qdG6ZsUYTmqgw/z S1gUbdUlEz0IuxwgZfRfbAZLppnjS+inywcPA2lup2qku8+MisHCbrL6RShthozdSXSx 1FqPPpXbBxtQtBc3VndTdqjyDgP7f6eoGxLOqcdLF/wDY79trScHowSbJURg8TZj39My WrUD3aCeRJVgYEpGbdepNAtueQaf8suWbykpVpjP80+NxCQSEqMchjuWerE+ZORMQur7 sJ4w== ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=NwB+EHP8; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com. [2a00:1450:4864:20::12c]) by gmr-mx.google.com with ESMTPS id bz18-20020a05651c0c9200b002b6f8d5f93csi298390ljb.2.2023.09.15.03.41.50 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 15 Sep 2023 03:41:50 -0700 (PDT) Received-SPF: pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) client-ip=2a00:1450:4864:20::12c; Received: by mail-lf1-x12c.google.com with SMTP id 2adb3069b0e04-502b0d23f28so3307529e87.2 for ; Fri, 15 Sep 2023 03:41:50 -0700 (PDT) X-Received: by 2002:a05:6512:3c95:b0:500:acf1:b42f with SMTP id h21-20020a0565123c9500b00500acf1b42fmr1476458lfv.53.1694774509272; Fri, 15 Sep 2023 03:41:49 -0700 (PDT) Received: from PC-2635.irisgmbh.local (dslb-002-203-161-041.002.203.pools.vodafone-ip.de. [2.203.161.41]) by smtp.gmail.com with ESMTPSA id c1-20020aa7c981000000b00523653295f9sm2051607edt.94.2023.09.15.03.41.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Sep 2023 03:41:48 -0700 (PDT) From: Michael Glembotzki To: swupdate@googlegroups.com Cc: Michael Glembotzki Subject: [swupdate] [PATCH] mongoose: Fix request handling of malformed data for multipart/formdata Date: Fri, 15 Sep 2023 12:40:49 +0200 Message-ID: <20230915104049.52749-1-Michael.Glembotzki@iris-sensing.com> X-Mailer: git-send-email 2.42.0 MIME-Version: 1.0 X-Original-Sender: m.glembo@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=NwB+EHP8; spf=pass (google.com: domain of m.glembo@gmail.com designates 2a00:1450:4864:20::12c as permitted sender) smtp.mailfrom=m.glembo@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Check whether the connection pfn_data is set How to reproduce the bug? $ curl "http://localhost:8080/swupdate/upload" -X POST \ -H "Content-Type: multipart/form-data" -d {} Signed-off-by: Michael Glembotzki --- mongoose/mongoose_multipart.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mongoose/mongoose_multipart.c b/mongoose/mongoose_multipart.c index b1741c9..fccc5a6 100644 --- a/mongoose/mongoose_multipart.c +++ b/mongoose/mongoose_multipart.c @@ -270,6 +270,11 @@ static int mg_http_multipart_continue_wait_for_chunk(struct mg_connection *c) { static void mg_http_multipart_continue(struct mg_connection *c) { struct mg_http_multipart_stream *mp_stream = c->pfn_data; + + if(mp_stream == NULL) { + return; + } + while (1) { switch (mp_stream->state) { case MPS_BEGIN: {