Skip to content

Commit

Permalink
ignore leading and trailing crlfs in formdata body (#3677)
Browse files Browse the repository at this point in the history
  • Loading branch information
KhafraDev authored Oct 5, 2024
1 parent c0be359 commit 773ba01
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 2 deletions.
14 changes: 12 additions & 2 deletions lib/web/fetch/formdata-parser.js
Original file line number Diff line number Diff line change
Expand Up @@ -86,11 +86,21 @@ function multipartFormDataParser (input, mimeType) {
// the first byte.
const position = { position: 0 }

// Note: undici addition, allow \r\n before the body.
if (input[0] === 0x0d && input[1] === 0x0a) {
// Note: undici addition, allows leading and trailing CRLFs.
while (input[position.position] === 0x0d && input[position.position + 1] === 0x0a) {
position.position += 2
}

let trailing = input.length

while (input[trailing - 1] === 0x0a && input[trailing - 2] === 0x0d) {
trailing -= 2
}

if (trailing !== input.length) {
input = input.subarray(0, trailing)
}

// 5. While true:
while (true) {
// 5.1. If position points to a sequence of bytes starting with 0x2D 0x2D
Expand Down
24 changes: 24 additions & 0 deletions test/busboy/issue-3676.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
'use strict'

const { test } = require('node:test')
const assert = require('node:assert')
const { Response } = require('../..')

// https://github.com/nodejs/undici/issues/3676
test('Leading and trailing CRLFs are ignored', async (t) => {
const response = new Response([
'--axios-1.7.7-boundary-bPgZ9x77LfApGVUN839vui4V7\r\n' +
'Content-Disposition: form-data; name="file"; filename="doc.txt"\r\n' +
'Content-Type: text/plain\r\n' +
'\r\n' +
'Helloworld\r\n' +
'--axios-1.7.7-boundary-bPgZ9x77LfApGVUN839vui4V7--\r\n' +
'\r\n'
].join(''), {
headers: {
'content-type': 'multipart/form-data; boundary=axios-1.7.7-boundary-bPgZ9x77LfApGVUN839vui4V7'
}
})

await assert.doesNotReject(response.formData())
})

0 comments on commit 773ba01

Please sign in to comment.