From f7982784f7732f420b3995b88cec5b6e2b7e74e7 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Mon, 30 Jan 2012 19:03:16 +0000
Subject: fixing #2126

---
 ChangeLog                  |  4 ++++
 src/daemon/postprocessor.c | 27 ++++++++++++++++++++++++---
 src/include/microhttpd.h   |  2 +-
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2ec43ff3..15369be5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Jan 30 20:02:34 CET 2012
+	Fixed handling of garbage prior to first multipart boundary
+	(#2126). -woof
+
 Fri Jan 27 11:00:43 CET 2012
 	Fixed postprocessor failure for applications that enclosed boundary
 	in quotes (#2120). -woof
diff --git a/src/daemon/postprocessor.c b/src/daemon/postprocessor.c
index 966630d8..7b18c88a 100644
--- a/src/daemon/postprocessor.c
+++ b/src/daemon/postprocessor.c
@@ -39,6 +39,7 @@ enum PP_State
   PP_Error,
   PP_Done,
   PP_Init,
+  PP_NextBoundary,
 
   /* url encoding-states */
   PP_ProcessValue,
@@ -492,7 +493,8 @@ find_boundary (struct MHD_PostProcessor *pp,
     }
   if ((0 != memcmp ("--", buf, 2)) || (0 != memcmp (&buf[2], boundary, blen)))
     {
-      pp->state = PP_Error;
+      if (pp->state != PP_Init)
+        pp->state = PP_Error;
       return MHD_NO;            /* expected boundary */
     }
   /* remove boundary from buffer */
@@ -823,6 +825,25 @@ post_process_multipart (struct MHD_PostProcessor *pp,
           pp->state = PP_Error;
           return MHD_NO;
         case PP_Init:
+          /**
+           * Per RFC2046 5.1.1 NOTE TO IMPLEMENTORS, consume anything
+           * prior to the first multipart boundary:
+           *
+           * > There appears to be room for additional information prior
+           * > to the first boundary delimiter line and following the
+           * > final boundary delimiter line.  These areas should
+           * > generally be left blank, and implementations must ignore
+           * > anything that appears before the first boundary delimiter
+           * > line or after the last one.
+           */
+          if (MHD_NO == find_boundary (pp,
+                                       pp->boundary,
+                                       pp->blen,
+                                       &ioff,
+                                       PP_ProcessEntryHeaders, PP_Done))
+            ++ioff;
+          break;
+        case PP_NextBoundary:
           if (MHD_NO == find_boundary (pp,
                                        pp->boundary,
                                        pp->blen,
@@ -914,7 +935,7 @@ post_process_multipart (struct MHD_PostProcessor *pp,
                                        pp->nlen,
                                        &ioff,
                                        PP_Nested_PerformMarking,
-                                       PP_Init /* or PP_Error? */ ))
+                                       PP_NextBoundary /* or PP_Error? */ ))
             {
               if (pp->state == PP_Error)
                 return MHD_NO;
@@ -955,7 +976,7 @@ post_process_multipart (struct MHD_PostProcessor *pp,
                                                    pp->nested_boundary,
                                                    pp->nlen,
                                                    PP_Nested_PerformCleanup,
-                                                   PP_Init))
+                                                   PP_NextBoundary))
             {
               if (pp->state == PP_Error)
                 return MHD_NO;
diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index 1ee99e99..e7a0aeaa 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -106,7 +106,7 @@ extern "C"
 /**
  * Current version of the library.
  */
-#define MHD_VERSION 0x00091200
+#define MHD_VERSION 0x00091201
 
 /**
  * MHD-internal return code for "YES".
-- 
cgit v1.2.3