Fix indexOutOfBoundsException when multipart/form-data is incorrect value (#9688)
Motivation: HttpPostRequestDecoder.splitHeaderContentType() throws a StringIndexOutOfBoundsException when it parses a Content-Type header that starts with a semicolon ;. We should skip the execution for incorrect multipart form data. Modification: Avoid invocation of HttpPostRequestDecoder#splitHeaderContentType(...) for incorrect multipart form data content-type. Result: Fixes #8554
This commit is contained in:
parent
c9c290019e
commit
b17371c198
@ -136,11 +136,11 @@ public class HttpPostRequestDecoder implements InterfaceHttpPostRequestDecoder {
|
||||
* @return True if the request is a Multipart request
|
||||
*/
|
||||
public static boolean isMultipart(HttpRequest request) {
|
||||
if (request.headers().contains(HttpHeaderNames.CONTENT_TYPE)) {
|
||||
return getMultipartDataBoundary(request.headers().get(HttpHeaderNames.CONTENT_TYPE)) != null;
|
||||
} else {
|
||||
return false;
|
||||
String mimeType = request.headers().get(HttpHeaderNames.CONTENT_TYPE);
|
||||
if (mimeType != null && mimeType.startsWith(HttpHeaderValues.MULTIPART_FORM_DATA.toString())) {
|
||||
return getMultipartDataBoundary(mimeType) != null;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -29,6 +29,7 @@ import io.netty.handler.codec.http.HttpContent;
|
||||
import io.netty.handler.codec.http.HttpHeaderNames;
|
||||
import io.netty.handler.codec.http.HttpHeaderValues;
|
||||
import io.netty.handler.codec.http.HttpMethod;
|
||||
import io.netty.handler.codec.http.HttpRequest;
|
||||
import io.netty.handler.codec.http.HttpVersion;
|
||||
import io.netty.handler.codec.http.LastHttpContent;
|
||||
import io.netty.util.CharsetUtil;
|
||||
@ -734,4 +735,17 @@ public class HttpPostRequestDecoderTest {
|
||||
assertTrue(request.release());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMultipartFormDataContentType() {
|
||||
HttpRequest request = new DefaultHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.POST, "/");
|
||||
assertFalse(HttpPostRequestDecoder.isMultipart(request));
|
||||
|
||||
String multipartDataValue = HttpHeaderValues.MULTIPART_FORM_DATA + ";" + "boundary=gc0p4Jq0M2Yt08jU534c0p";
|
||||
request.headers().set(HttpHeaderNames.CONTENT_TYPE, ";" + multipartDataValue);
|
||||
assertFalse(HttpPostRequestDecoder.isMultipart(request));
|
||||
|
||||
request.headers().set(HttpHeaderNames.CONTENT_TYPE, multipartDataValue);
|
||||
assertTrue(HttpPostRequestDecoder.isMultipart(request));
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user