# HG changeset patch # User jbe # Date 1426788751 -3600 # Node ID ac37c1f28d71ee358883eb8026dfc3f7ebdd64b9 # Parent ab51824e139b53a5cea3d8e79640d89fa0f94c9c Treat multipart/form-data protocol errors and chunked transfer-encoding protocol errors as I/O errors diff -r ab51824e139b -r ac37c1f28d71 moonbridge_http.lua --- a/moonbridge_http.lua Thu Mar 19 16:54:50 2015 +0100 +++ b/moonbridge_http.lua Thu Mar 19 19:12:31 2015 +0100 @@ -652,7 +652,7 @@ headerdata = remaining local header_key, header_value = string.match(line, "^([^:]*):[ \t]*(.-)[ \t]*$") if not header_key then - error("Invalid header in multipart/form-data part") + assert_io(false, "Invalid header in multipart/form-data part") end header_key = string.lower(header_key) if header_key == "content-disposition" then @@ -674,7 +674,7 @@ elseif header_key == "content-type" then metadata.content_type = header_value elseif header_key == "content-transfer-encoding" then - error("Content-transfer-encoding not supported by multipart/form-data parser") + assert_io(false, "Content-transfer-encoding not supported by multipart/form-data parser") end end end @@ -702,7 +702,7 @@ bigchunk = nil return else - error("Error while parsing multipart body (expected CRLF or double minus)") + assert_io(false, "Error while parsing multipart body (expected CRLF or double minus)") end end local pos1, pos2 = string.find(bigchunk, boundary, 1, true) @@ -728,11 +728,11 @@ end end) if not terminated then - error("Premature end of multipart/form-data request body") + assert_io(false, "Premature end of multipart/form-data request body") end request.post_metadata_list, request.post_metadata = post_metadata_list, post_metadata else - error("Unknown Content-Type of request body") + assert_io(false, "Unknown Content-Type of request body") end end end @@ -759,13 +759,8 @@ if request.headers_flags["Transfer-Encoding"]["chunked"] then while true do local line = socket:readuntil("\n", 32 + remaining_body_size_limit) - if not ( - line and ( - string.match(line, "^[0-9A-Fa-f]+\r?$") or - string.match(line, "^[0-9A-Fa-f]+[ \t;]") - ) - ) then - assert_io(false, "Unexpected EOF or read error while reading next chunk of request body") + if not line then + assert_io(false, "Unexpected EOF while reading next chunk of request body") end local zeros, lenstr = string.match(line, "^(0*)([1-9A-Fa-f]+[0-9A-Fa-f]*)\r?\n$") local chunkext @@ -775,18 +770,18 @@ zeros, lenstr, chunkext = string.match(line, "^(0*)([1-9A-Fa-f]+[0-9A-Fa-f]*)([ \t;].-)\r?\n$") end if not lenstr or #lenstr > 13 then - error("Encoding error while reading chunk of request body") + assert_io(false, "Encoding error or unexpected EOF or read error while reading chunk of request body") end local len = tonumber("0x" .. lenstr) remaining_body_size_limit = remaining_body_size_limit - (#zeros + #chunkext + len) if remaining_body_size_limit < 0 then - error("Request body size limit exceeded") + assert_io(false, "Request body size limit exceeded") end if len == 0 then break end read_body_bytes(len, callback) local term = socket:readuntil("\n", 2) if term ~= "\r\n" and term ~= "\n" then - error("Encoding error while reading chunk of request body") + assert_io(false, "Encoding error while reading chunk of request body") end end while true do @@ -794,7 +789,7 @@ if line == "\r\n" or line == "\n" then break end remaining_body_size_limit = remaining_body_size_limit - #line if remaining_body_size_limit < 0 then - error("Request body size limit exceeded while reading trailer section of chunked request body") + assert_io(false, "Request body size limit exceeded while reading trailer section of chunked request body") end end elseif request_body_content_length then