commit 2027b939dd510f5d68fac853394a7b7d3fec191b
parent 5eb408d091554c2b6b4c09d47dfd50cd5d9206ec
Author: Christian Grothoff <christian@grothoff.org>
Date: Wed, 5 Dec 2012 18:28:17 +0000
Matthew Mundell wrote:
Hi
We've been having some mysterious parameter loss of POST parameters in
OpenVAS's GSA. This only happens with IE8 and Chrome. We saw this with
libmicrohttpd 0.9.19 and 0.9.20.
The cause looks to be an error in libmicrohttpd. Patch to 0.9.20 to
resolve below.
In post_process_multipart in postprocessor.c the PP_Init state calls
find_boundary to find the first boundary. If there is junk before the
first boundary it just reads over the junk. However, it is also reading
over the actual boundary when there was too little data to determine
whether the next character is the start of the boundary.
In the error case Chrome seems to sends the POST request in multiple
writes. The first chunk includes a single "-" from the first boundary at
end of the headers. Thus libmicrohttpd has a partial boundary to deal
with.
I guess Chrome intends to send just the headers but gets the count wrong
due to sending the initial P of the POST on its own (all the browsers do
that for some reason). Firefox on the other hand sends the headers and the
body in a single write, so it always works.
Thanks, and thanks for libmicrohttpd!
Matt
Diffstat:
6 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/AUTHORS b/AUTHORS
@@ -39,6 +39,7 @@ Sven Geggus <sts@fuchsschwanzdomain.de>
Steve Wolf <stevewolf6@gmail.com>
Brecht Sanders <brecht@sanders.org>
Jan Janak <jan@janakj.org>
+Matthew Mundell <matthew.mundell@greenbone.net>
Documentation contributions also came from:
Marco Maggi <marco.maggi-ipsu@poste.it>
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,11 @@
+Wed Dec 5 19:22:26 CET 2012
+ Fixing parameter loss of POST parameters with IE8 and Chrome
+ in the PostProcessor as the code failed to properly handle
+ partial data. -MM
+
+Fri Nov 9 21:36:46 CET 2012
+ Releasing libmicrohttpd 0.9.23. -CG
+
Thu Nov 8 22:32:59 CET 2012
Ship our own version of tsearch and friends if not provided by platform,
so that MHD works nicely on Android. -JJ
diff --git a/config.guess b/config.guess
@@ -4,7 +4,7 @@
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
# 2011, 2012 Free Software Foundation, Inc.
-timestamp='2012-09-25'
+timestamp='2012-08-14'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -306,7 +306,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit ;;
- arm*:riscos:*:*|arm*:RISCOS:*:*)
+ arm:riscos:*:*|arm:RISCOS:*:*)
echo arm-unknown-riscos
exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
diff --git a/configure.ac b/configure.ac
@@ -21,14 +21,14 @@
#
#
AC_PREREQ(2.57)
-AC_INIT([libmicrohttpd], [0.9.22],[libmicrohttpd@gnu.org])
+AC_INIT([libmicrohttpd], [0.9.23],[libmicrohttpd@gnu.org])
AM_INIT_AUTOMAKE([silent-rules])
AM_CONFIG_HEADER([MHD_config.h])
AC_CONFIG_MACRO_DIR([m4])
AH_TOP([#define _GNU_SOURCE 1])
LIB_VERSION_CURRENT=26
-LIB_VERSION_REVISION=1
+LIB_VERSION_REVISION=2
LIB_VERSION_AGE=16
AC_SUBST(LIB_VERSION_CURRENT)
AC_SUBST(LIB_VERSION_REVISION)
diff --git a/src/daemon/postprocessor.c b/src/daemon/postprocessor.c
@@ -494,6 +494,7 @@ find_boundary (struct MHD_PostProcessor *pp,
{
if (pp->buffer_pos == pp->buffer_size)
pp->state = PP_Error; /* out of memory */
+ ++(*ioffptr);
return MHD_NO; /* not enough data */
}
if ((0 != memcmp ("--", buf, 2)) || (0 != memcmp (&buf[2], boundary, blen)))
@@ -841,12 +842,11 @@ post_process_multipart (struct MHD_PostProcessor *pp,
* > anything that appears before the first boundary delimiter
* > line or after the last one.
*/
- if (MHD_NO == find_boundary (pp,
- pp->boundary,
- pp->blen,
- &ioff,
- PP_ProcessEntryHeaders, PP_Done))
- ++ioff;
+ (void) find_boundary (pp,
+ pp->boundary,
+ pp->blen,
+ &ioff,
+ PP_ProcessEntryHeaders, PP_Done);
break;
case PP_NextBoundary:
if (MHD_NO == find_boundary (pp,
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
@@ -106,7 +106,7 @@ extern "C"
/**
* Current version of the library.
*/
-#define MHD_VERSION 0x00091600
+#define MHD_VERSION 0x00091700
/**
* MHD-internal return code for "YES".
