Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Ruby > cgi.rb multipart bug

Reply
Thread Tools

cgi.rb multipart bug

 
 
Brad Hilton
Guest
Posts: n/a
 
      10-06-2003
Hello,

In its current state, cgi.rb can lead to a cgi application spinning out
of control, eating up all cpu resources.

The read_multipart() function of cgi.rb assumes that the client will
post the expected data, as is manifest in the code:

until head and /#{boundary}(?:#{EOL}|--)/n.match(buf)
<snip>...
end

Unfortunately, when a browser interrupts a file upload (for example) the
above condition never becomes true, so the app just spins forever.

Using mozilla as a test case, and uploading a large enough file to the
following script, you can reproduce this by hitting the Reload button on
your browser before the file has uploaded completely.

I'm not sure if it is the perfect solution, but I found that by placing:

raise("Incomplete multipart post") if $stdin.eof?

just inside the above "until" test, the problem disappears. E.g.,

---------------
until head and /#{boundary}(?:#{EOL}|--)/n.match(buf)
raise("Incomplete multipart post") if $stdin.eof?

<rest of code>...
end
---------------

Regards,
Brad Hilton

-----------------------
Sample script: test.cgi
-----------------------

require 'cgi'

cgi = CGI.new

print "Content-type: text/html\n\n"
print <<EOF
<html>
<body>
Hit "Reload" before file has uploaded completely to expose problem...
<form method=post action="test.cgi" enctype="multipart/form-data">
<input type=file name=upload_file size=30>
<br>
<input type=submit value="go">
</form>
</body>
</html>
EOF


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MIME Structure Multipart/Mixed with attachment and Multipart/Alternative blaine@worldweb.com Perl Misc 1 04-04-2007 08:23 PM
*bug* *bug* *bug* David Raleigh Arnold Firefox 12 04-02-2007 03:13 AM
Combine and Decode multipart messages gandalf Firefox 2 09-13-2005 08:18 PM
multipart attachments in Thunderbird morten lund Firefox 0 11-04-2004 02:13 PM
Combine-and-Decode multipart news posts? William W. Plummer Firefox 0 07-03-2004 12:37 AM



Advertisments