mime/multipart: multipart.Reader.readForm fails if you pass math.MaxInt64 because of overflow #58384

Closed
System-Glitch opened this issue Feb 7, 2023 · 3 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.

Comments


System-Glitch commented Feb 7, 2023

What version of Go are you using (go version)?

$ go version
go version go1.20 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/[redacted]/.cache/go-build"
GOENV="/home/[redacted]/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/[redacted]/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/[redacted]/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/dev/null"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3274595099=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Following this issue: #40430 and this commit: 5246fa5

The issue still occurs if the part filename is empty. No error is returned, and the part is added to the form with a length of 0.

// mime/multipart/formdata.go#L68
if filename == "" {
	// value, store as string in memory
	n, err := io.CopyN(&b, p, maxValueBytes+1) // Overflow here
	//...
}

Current workaround is to pass math.MaxInt64 - 1 as the maxMemory parameter.

Demo: https://go.dev/play/p/-GM_8eG1ylb

What did you expect to see?

I would expect the file to be read correctly.

What did you see instead?

The operation failed silently and the file was added to the form with a size of 0 bytes.
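An added example, not code from this issue or from the Go project: it reproduces the `limit+1` wrap quoted above with plain `io.CopyN`, next to a variant that clamps the count. The names `readWrapping`, `readClamped` and `errTooLarge` are hypothetical, and the clamp is one way to avoid the wrap, not necessarily what the linked changes do.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"math"
	"strings"
)

var errTooLarge = errors.New("value exceeds limit") // hypothetical sentinel

// readWrapping uses the limit+1 pattern quoted in the issue. With limit ==
// math.MaxInt64 the sum wraps negative, so io.CopyN copies 0 bytes, err == nil.
func readWrapping(src io.Reader, limit int64) (string, int64, error) {
	var b bytes.Buffer
	n, err := io.CopyN(&b, src, limit+1)
	if err != nil && err != io.EOF {
		return "", n, err
	}
	return b.String(), n, nil
}

// readClamped reads one byte past the limit only when limit+1 cannot wrap,
// and reports input larger than the limit instead of truncating it.
func readClamped(src io.Reader, limit int64) (string, int64, error) {
	count := limit
	if limit < math.MaxInt64 {
		count = limit + 1
	}
	var b bytes.Buffer
	n, err := io.CopyN(&b, src, count)
	if err != nil && err != io.EOF {
		return "", n, err
	}
	if n > limit {
		return "", n, errTooLarge
	}
	return b.String(), n, nil
}

func main() {
	const body = "constructed form value" // constructed sample input
	for _, f := range []func(io.Reader, int64) (string, int64, error){readWrapping, readClamped} {
		s, n, err := f(strings.NewReader(body), math.MaxInt64)
		fmt.Printf("copied=%d value=%q err=%v\n", n, s, err)
	}
}
```

The silent empty value is the part worth testing for: a caller that validates or authorizes on a form field sees an empty string rather than an error.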

@seankhliao seankhliao added the NeedsFix The path to resolution is known, but the work has not been done. label Feb 7, 2023
@seankhliao
Member

feel free to send a fix

cc @neild @minux

@gopherbot

Change https://go.dev/cl/467557 mentions this issue: mime/multipart: fix Reader.ReadForm overflow when passed math.MaxInt64 as the parameter

@gopherbot

Change https://go.dev/cl/467615 mentions this issue: mime/multipart: fix maxMemory param overflow

@golang golang locked and limited conversation to collaborators Feb 28, 2024