diff options
| author | avivklas <avivklas@gmail.com> | 2020-09-15 08:48:44 +0300 |
|---|---|---|
| committer | Damien Neil <dneil@google.com> | 2020-10-19 17:19:18 +0000 |
| commit | 58eadc232e4fd2633761ffdeeaa922216beee74e (patch) | |
| tree | 4d7b6bf94ec6803ac332e34a8d2ab1fc76247af6 /src/net | |
| parent | 9c017ff30dd21bbdcdb11f39458d3944db530d7e (diff) | |
| download | go-58eadc232e4fd2633761ffdeeaa922216beee74e.tar.gz go-58eadc232e4fd2633761ffdeeaa922216beee74e.zip | |
net/http: test that ParseMultipartForm returns an error for int overflow
ParseMultipartForm has been changed to return an error if maxMemory
parameter + 10MB causes int overflows. This adds a test for the new
behaviour.
For #40430
Change-Id: I4f66ce8a9382940182011d22a84ee52b1d1364cf
Reviewed-on: https://go-review.googlesource.com/c/go/+/254977
Reviewed-by: Damien Neil <dneil@google.com>
Trust: Damien Neil <dneil@google.com>
Trust: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'src/net')
| -rw-r--r-- | src/net/http/request_test.go | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go index 461d66e05d..4f4f435814 100644 --- a/src/net/http/request_test.go +++ b/src/net/http/request_test.go @@ -13,6 +13,7 @@ import ( "fmt" "io" "io/ioutil" + "math" "mime/multipart" . "net/http" "net/http/httptest" @@ -245,6 +246,41 @@ func TestParseMultipartForm(t *testing.T) { } } +// Issue #40430: ParseMultipartForm should return error for int overflow +func TestMaxInt64ForMultipartFormMaxMemory(t *testing.T) { + cst := httptest.NewServer(HandlerFunc(func(rw ResponseWriter, req *Request) { + if err := req.ParseMultipartForm(math.MaxInt64); err != nil { + Error(rw, err.Error(), StatusBadRequest) + return + } + })) + defer cst.Close() + fBuf := new(bytes.Buffer) + mw := multipart.NewWriter(fBuf) + mf, err := mw.CreateFormFile("file", "myfile.txt") + if err != nil { + t.Fatal(err) + } + if _, err := mf.Write(bytes.Repeat([]byte("abc"), 1<<10)); err != nil { + t.Fatal(err) + } + if err := mw.Close(); err != nil { + t.Fatal(err) + } + req, err := NewRequest("POST", cst.URL, fBuf) + if err != nil { + t.Fatal(err) + } + req.Header.Set("Content-Type", mw.FormDataContentType()) + res, err := cst.Client().Do(req) + if err != nil { + t.Fatal(err) + } + if g, w := res.StatusCode, StatusBadRequest; g != w { + t.Fatalf("Status code mismatch: got %d, want %d", g, w) + } +} + func TestRedirect_h1(t *testing.T) { testRedirect(t, h1Mode) } func TestRedirect_h2(t *testing.T) { testRedirect(t, h2Mode) } func testRedirect(t *testing.T, h2 bool) { |