Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mime/multipart: ParseForm excludes parts with empty name #63629

Closed
xiaomi1991 opened this issue Oct 19, 2023 · 4 comments
Closed

mime/multipart: ParseForm excludes parts with empty name #63629

xiaomi1991 opened this issue Oct 19, 2023 · 4 comments
Labels
WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.

Comments

@xiaomi1991
Copy link

What version of Go are you using (go version)?

$ go version
go version go1.21.3 windows/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GO111MODULE=on
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\xm\AppData\Local\go-build
set GOENV=C:\Users\xm\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\xm\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\xm\go
set GOPRIVATE=
set GOPROXY=goproxy.cn,direct
set GOROOT=D:\Program Files\Go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLCHAIN=auto
set GOTOOLDIR=D:\Program Files\Go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.21.1
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=0
set GOMOD=E:\GoWorkSpace\testGin\go.mod
set GOWORK=
set CGO_CFLAGS=-O2 -g
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-O2 -g
set CGO_FFLAGS=-O2 -g
set CGO_LDFLAGS=-O2 -g
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=C:\Users\xm\AppData\Local\Temp\go-build3776338215=/tmp/go-build -gno-record-gcc-switches

What did you do?

the program is that!

package main

import (
	"fmt"
	"net/http"
)

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		s := r.FormValue("test")
		fmt.Printf("s: %v\n", s)
		s1 := r.FormValue("")
		fmt.Printf("s1: %v\n", s1)
	})
	http.ListenAndServe(":8080", nil)
}

and the request is that

POST / HTTP/1.1
User-Agent: PostmanRuntime/7.33.0
Accept: */*
Postman-Token: 801116a8-46d4-4cf2-bf28-3ecd8f92434d
Host: 127.0.0.1:8080
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=--------------------------577807249982019416356032
Content-Length: 2358

----------------------------577807249982019416356032
Content-Disposition: form-data; name="test"

1111111111
----------------------------577807249982019416356032
Content-Disposition: form-data; name=""

222
----------------------------577807249982019416356032
Content-Disposition: form-data; name=""; filename="flash_all_lock.sh"
Content-Type: application/x-sh

echo "santoni Fastboot Tool Ver 3.0"

fastboot $* getvar product 2>&1 | grep "^product: santoni"

if [ $? -ne 0 ] ; then echo "Missmatching image and device"; exit 1; fi

fastboot $* flash partition `dirname $0`/images/gpt_both0.bin

fastboot $* flash tz `dirname $0`/images/tz.mbn
fastboot $* flash sbl1 `dirname $0`/images/sbl1.mbn
fastboot $* flash rpm `dirname $0`/images/rpm.mbn
fastboot $* flash aboot `dirname $0`/images/emmc_appsboot.mbn

fastboot $* flash tzbak `dirname $0`/images/tz.mbn
fastboot $* flash sbl1bak `dirname $0`/images/sbl1.mbn
fastboot $* flash rpmbak `dirname $0`/images/rpm.mbn
fastboot $* flash abootbak `dirname $0`/images/emmc_appsboot.mbn

fastboot $* flash devcfg `dirname $0`/images/devcfg.mbn 
fastboot $* flash lksecapp `dirname $0`/images/lksecapp.mbn 
fastboot $* flash cmnlib `dirname $0`/images/cmnlib.mbn
fastboot $* flash cmnlib64 `dirname $0`/images/cmnlib64.mbn 
fastboot $* flash keymaster `dirname $0`/images/keymaster.mbn

fastboot $* flash devcfgbak `dirname $0`/images/devcfg.mbn 
fastboot $* flash lksecappbak `dirname $0`/images/lksecapp.mbn 
fastboot $* flash cmnlibbak `dirname $0`/images/cmnlib.mbn 
fastboot $* flash cmnlib64bak `dirname $0`/images/cmnlib64.mbn 
fastboot $* flash keymasterbak `dirname $0`/images/keymaster.mbn

fastboot $* flash dsp `dirname $0`/images/adspso.bin

fastboot $* erase boot
fastboot $* erase mdtp

fastboot $* flash modem `dirname $0`/images/NON-HLOS.bin
fastboot $* flash system `dirname $0`/images/system.img
fastboot $* flash cache `dirname $0`/images/cache.img
fastboot $* flash userdata `dirname $0`/images/userdata.img
fastboot $* flash recovery `dirname $0`/images/recovery.img
fastboot $* flash boot `dirname $0`/images/boot.img

fastboot $* flash misc `dirname $0`/images/misc.img
fastboot $* flash splash `dirname $0`/images/splash.img
fastboot $* flash cust `dirname $0`/images/cust.img

fastboot $* oem lock
fastboot $* reboot

----------------------------577807249982019416356032--

What did you expect to see?

s: 1111111111
s1: 
fh.Filename: flash_all_lock.sh

What did you see instead?

s: 1111111111
s1: 
err: http: no such file
2023/10/19 21:10:21 http: panic serving 127.0.0.1:10502: runtime error: invalid memory address or nil pointer dereference
goroutine 6 [running]:
net/http.(*conn).serve.func1()
	D:/Program Files/Go/src/net/http/server.go:1868 +0xb9
panic({0xafeaa0?, 0xd2a5c0?})
	D:/Program Files/Go/src/runtime/panic.go:920 +0x270
main.main.func1({0xacd979?, 0xc0000a1b20?}, 0xacdacd?)
	e:/GoWorkSpace/testGin/mian.go:18 +0x170
net/http.HandlerFunc.ServeHTTP(0x10?, {0xbb3b00?, 0xc0000be000?}, 0xc0000940ac?)
	D:/Program Files/Go/src/net/http/server.go:2136 +0x29
net/http.(*ServeMux).ServeHTTP(0x8cd705?, {0xbb3b00, 0xc0000be000}, 0xc000098000)
	D:/Program Files/Go/src/net/http/server.go:2514 +0x142
net/http.serverHandler.ServeHTTP({0xbb2e10?}, {0xbb3b00?, 0xc0000be000?}, 0x6?)
	D:/Program Files/Go/src/net/http/server.go:2938 +0x8e
net/http.(*conn).serve(0xc000124000, {0xbb3ff8, 0xc00001eb10})
	D:/Program Files/Go/src/net/http/server.go:2009 +0x5f4
created by net/http.(*Server).Serve in goroutine 1
	D:/Program Files/Go/src/net/http/server.go:3086 +0x5cb
@seankhliao
Copy link
Member

I don't think you've shown the part where the file is read, nor that it isn't something like antivirus removing the file.

@seankhliao seankhliao added the WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided. label Oct 19, 2023
@xiaomi1991
Copy link
Author

xiaomi1991 commented Oct 20, 2023
edited

I don't think you've shown the part where the file is read, nor that it isn't something like antivirus removing the file.

sorry, i have change the code.the new code is that

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		s := r.FormValue("test")
		fmt.Printf("s: %v\n", s)
		s1 := r.FormValue("")
		fmt.Printf("s1: %v\n", s1)
		_, fh, err := r.FormFile("")
		if err != nil {
			fmt.Printf("err: %v\n", err.Error())
		}
		fmt.Printf("fh.Filename: %v\n", fh.Filename)
	})
	http.ListenAndServe(":8080", nil)
}

image

i can’t get the value when i post a form-data and the name is empty string.i can’t get the file, when the name is empty string.

@xiaomi1991 xiaomi1991 changed the title affected/package: affected/package: i can‘t get then value,when post a form-data and the name is empty Oct 20, 2023
@seankhliao seankhliao changed the title affected/package: i can‘t get then value,when post a form-data and the name is empty mime/multipart: ParseForm excludes parts with empty name Oct 20, 2023
@seankhliao
Copy link
Member

seems like an unfortunate consequence of not being able to distinguish between empty and unset https://cs.opensource.google/go/go/+/refs/tags/go1.21.3:src/mime/multipart/formdata.go;l=123

If you need it, you can use the multipart Reader directly to parse the body.

@seankhliao seankhliao closed this as not planned Won't fix, can't repro, duplicate, stale Oct 20, 2023
@xiaomi1991
Copy link
Author

seems like an unfortunate consequence of not being able to distinguish between empty and unset https://cs.opensource.google/go/go/+/refs/tags/go1.21.3:src/mime/multipart/formdata.go;l=123

If you need it, you can use the multipart Reader directly to parse the body.

in that code https://cs.opensource.google/go/go/+/refs/tags/go1.21.3:src/mime/multipart/formdata.go;l=123.
if delete the code i can get my value.

		if name == "" {
			continue
		}

is it a read formdata.go's bug. i am a new gopher, so i need your help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
WaitingForInfo Issue is not actionable because of missing required information, which needs to be provided.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seankhliao @xiaomi1991