From b17ba8c110dbc524a0d62a821b71cebaaf251579 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Wed, 13 Jul 2005 20:51:12 +0000
Subject: [PATCH] MFH: Fixed bug #33673 (Added detection for partially uploaded files).
---
 main/rfc1867.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/main/rfc1867.c b/main/rfc1867.c
index adcfc10099..8a535c9943 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -131,6 +131,7 @@ void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int
 #define UPLOAD_ERROR_C 3 /* Partially uploaded */
 #define UPLOAD_ERROR_D 4 /* No file uploaded */
 #define UPLOAD_ERROR_E 6 /* Missing /tmp or similar directory */
+#define UPLOAD_ERROR_F 7 /* Failed to write file to disk */
 
 void php_rfc1867_register_constants(TSRMLS_D)
 {
@@ -140,6 +141,7 @@ void php_rfc1867_register_constants(TSRMLS_D)
 REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_PARTIAL", UPLOAD_ERROR_C, CONST_CS | CONST_PERSISTENT);
 REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_FILE", UPLOAD_ERROR_D, CONST_CS | CONST_PERSISTENT);
 REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_TMP_DIR", UPLOAD_ERROR_E, CONST_CS | CONST_PERSISTENT);
+ REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT);
 }
 
 static void normalize_protected_variable(char *varname TSRMLS_DC)
@@ -704,7 +706,7 @@ static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int ne
 
 
 /* read until a boundary condition */
-static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes TSRMLS_DC)
+static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes, int *end TSRMLS_DC)
 {
 int len, max;
 char *bound;
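Review bot: The new `end` out-parameter of multipart_buffer_read is undocumented; the comment above the signature still says only "read until a boundary condition". From the other hunks of this patch, NULL is accepted and the flag is only ever set to 1, never cleared, so the caller has to zero it before reading each part. I would extend the comment to record that contract, e.g. `/* read until a boundary condition; *end (may be NULL) is set to 1 once a complete boundary is in the buffer and is never reset here */`. The function body continues outside this hunk.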
@@ -717,6 +719,9 @@ static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes TS
 /* look for a potential boundary match, only read data up to that point */
 if ((bound = php_ap_memstr(self->buf_begin, self->bytes_in_buffer, self->boundary_next, self->boundary_next_len, 1))) {
 max = bound - self->buf_begin;
+ if (end && php_ap_memstr(self->buf_begin, self->bytes_in_buffer, self->boundary_next, self->boundary_next_len, 0)) {
+ *end = 1;
+ }
 } else {
 max = self->bytes_in_buffer;
 }
@@ -753,7 +758,7 @@ static char *multipart_buffer_read_body(multipart_buffer *self TSRMLS_DC)
 char buf[FILLUNIT], *out=NULL;
 int total_bytes=0, read_bytes=0;
 
- while((read_bytes = multipart_buffer_read(self, buf, sizeof(buf) TSRMLS_CC))) {
+ while((read_bytes = multipart_buffer_read(self, buf, sizeof(buf), NULL TSRMLS_CC))) {
 out = erealloc(out, total_bytes + read_bytes + 1);
 memcpy(out + total_bytes, buf, read_bytes);
 total_bytes += read_bytes;
@@ -858,6 +863,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 
 if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {
 char *pair=NULL;
+ int end=0;
 
 while (isspace(*cd)) {
 ++cd;
@@ -988,7 +994,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 cancel_upload = UPLOAD_ERROR_D;
 }
 
- while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC)))
+ end = 0;
+ while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff), &end TSRMLS_CC)))
 {
 if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) {
 #if DEBUG_FILE_UPLOAD
@@ -1007,7 +1014,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 #if DEBUG_FILE_UPLOAD
 sapi_module.sapi_error(E_NOTICE, "Only %d bytes were written, expected to write %d", wlen, blen);
 #endif
- cancel_upload = UPLOAD_ERROR_C;
+ cancel_upload = UPLOAD_ERROR_F;
 } else {
 total_bytes += wlen;
 }
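Review bot: The added `php_ap_memstr(..., 0)` call searches the buffer again from `self->buf_begin`, although the preceding call has already located the earliest candidate at `bound`. Assuming the last argument switches between partial and complete matching, a complete boundary cannot start before `bound`, so the second search can begin there: `if (end && php_ap_memstr(bound, self->bytes_in_buffer - max, self->boundary_next, self->boundary_next_len, 0)) {`. The buffer holds request data, so this extra pass runs on every read of client-supplied input. The rest of multipart_buffer_read lies outside the hunk.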
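Review bot: Passing `NULL` for `end` in multipart_buffer_read_body means bodies read through this helper get no end-of-part check, so a value cut off before its closing boundary is presumably still returned as if it were complete. If that is intended because only file parts need the detection, a short comment at the call would record the decision, e.g. `/* no truncation check here: only file uploads report UPLOAD_ERR_PARTIAL */`. The helper's body continues outside this hunk.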
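Review bot: The short-write branch now reports `UPLOAD_ERROR_F`, but its only diagnostic is still compiled in under `#if DEBUG_FILE_UPLOAD`, so a regular build records nothing on the server when the temporary file cannot be written. A failing or full upload directory is an operational condition worth seeing in the error log; consider dropping the `#if`/`#endif` pair around `sapi_module.sapi_error(E_NOTICE, "Only %d bytes were written, expected to write %d", wlen, blen);`, provided sapi_error output at that level is acceptable in production. The `%d` conversions are only correct if `wlen` and `blen` are both `int`; their declarations and the branch condition are outside the hunk.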
@@ -1016,7 +1023,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 if (fd!=-1) { /* may not be initialized if file could not be created */
 close(fd);
 }
-
+ if (!cancel_upload && !end) {
+#if DEBUG_FILE_UPLOAD
+ sapi_module.sapi_error(E_NOTICE, "Missing mime boundary at the end of the data for file %s", strlen(filename) > 0 ? filename : "");
+#endif
+ cancel_upload = UPLOAD_ERROR_C;
+ }
 #if DEBUG_FILE_UPLOAD
 if(strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) {
 sapi_module.sapi_error(E_WARNING, "Uploaded file size 0 - file [%s=%s] not saved", param, filename);
-- 
2.50.1
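Review bot: In the new notice the ternary `strlen(filename) > 0 ? filename : ""` yields the same string in both arms, so the argument can simply be `filename`: `sapi_module.sapi_error(E_NOTICE, "Missing mime boundary at the end of the data for file %s", filename);`. `filename` presumably originates from the request's Content-Disposition header, so whatever sink sapi_error writes to should treat it as untrusted text, control characters and line breaks included. The check runs after `close(fd)`; whether the data already written to the temporary file is discarded once `cancel_upload` is set here is decided outside the hunk and is worth confirming.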