Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1237

MultipartParser doesn't properly handle multi-line headers

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.0.0.Beta1, 1.4.22.Final, 1.4.18.SP11
    • 1.4.21.Final, 1.3.33.Final
    • None
    • None

    Description

      According to section 2.2.3 of RFC2822, headers may be folded at a whitespace character with a CRLF. Currently, MultipartParser considers the CRLF the end of the header value in all cases rather than checking for a whitespace character that signals the continuation of the value. This results in a MalformedMessageException to be thrown from the headerName method when the currentString (which now contains the remainder of the value) is checked to ensure it is null.

      This behavior may be reproduced by simply creating a multi-line header for a request, for example:

      {{Content-Disposition: form-data;
      name="data";
      filename="foo"}}

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-15564 [GSS](7.1.z) UNDERTOW-1237 - MultipartParser doesn't properly handle multi-line headers

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              jt_cuda Jonathan Tanner (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: