From de315d36e01a089063c2e76bb26a6e705365cf66 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Thu, 1 Aug 2019 00:54:42 +0200
Subject: attempt to fix issue with upload data discovered by FD

---
 ChangeLog                   |  4 ++++
 src/include/microhttpd.h    |  2 +-
 src/microhttpd/connection.c | 26 +++++++++++++++++++-------
 3 files changed, 24 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b4c065c8..87de3ef9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu 01 Aug 2019 12:53:49 AM CEST
+    Fix issue with discarding unhandled upload data discovered
+    by Florian Dold. -CG
+
 Mon 29 Jul 2019 08:01:50 PM CEST
     Fix hanging situation with large transmission over upgraded
     (i.e. Web socket) connection with epoll() and HTTPS enabled
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index f141967c..a2196b9d 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -132,7 +132,7 @@ typedef intptr_t ssize_t;
  * Current version of the library.
  * 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00096504
+#define MHD_VERSION 0x00096505
 
 /**
  * MHD-internal return code for "YES".
diff --git a/src/microhttpd/connection.c b/src/microhttpd/connection.c
index fd977708..6f33dbc1 100644
--- a/src/microhttpd/connection.c
+++ b/src/microhttpd/connection.c
@@ -2624,7 +2624,19 @@ process_request_body (struct MHD_Connection *connection)
   char *buffer_head;
 
   if (NULL != connection->response)
-    return;                     /* already queued a response */
+  {
+    /* already queued a response, discard remaining upload
+       (but not more, there might be another request after it) */
+    uint64_t purge = MHD_MIN (connection->remaining_upload_size,
+                              connection->read_buffer_offset);
+    connection->remaining_upload_size -= purge;
+    if (connection->read_buffer_offset > purge)
+      memmove (connection->read_buffer,
+               &connection->read_buffer[purge],
+               connection->read_buffer_offset - purge);
+    connection->read_buffer_offset -= purge;
+    return;
+  }
 
   buffer_head = connection->read_buffer;
   available = connection->read_buffer_offset;
@@ -2759,19 +2771,19 @@ process_request_body (struct MHD_Connection *connection)
         {
           /* no chunked encoding, give all to the client */
           if ( (0 != connection->remaining_upload_size) &&
-	       (MHD_SIZE_UNKNOWN != connection->remaining_upload_size) &&
-	       (connection->remaining_upload_size < available) )
-	    {
+               (MHD_SIZE_UNKNOWN != connection->remaining_upload_size) &&
+               (connection->remaining_upload_size < available) )
+            {
               to_be_processed = (size_t)connection->remaining_upload_size;
-	    }
+            }
           else
-	    {
+            {
               /**
                * 1. no chunked encoding, give all to the client
                * 2. client may send large chunked data, but only a smaller part is available at one time.
                */
               to_be_processed = available;
-	    }
+            }
         }
       left_unprocessed = to_be_processed;
       connection->client_aware = true;
-- 
cgit v1.2.3