Several improvements to rfc1867_new.c

1) Only reset newlines counter when adding entry; 2) When aborting request, free buffer to prevent memleaks; 3) suhosin_input_filter sets new_val_len with a value, so use it when calling sapi_module.input_filter; 4) Small cosmetic tweaks to make code cleaner.
NewEraCracker · Apr 8, 2016 · 1240925 · 1240925
1 parent 4171e0b
commit 1240925
Showing 1 changed file with 6 additions and 12 deletions.
diff --git a/rfc1867_new.c b/rfc1867_new.c
@@ -393,9 +393,6 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
 	mime_header_entry entry = {0};
 	smart_str buf_value = {0};
 	char *key = NULL;
-
-	// mime_header_entry prev_entry = {0};
-	// int prev_len, cur_len;
 	int newlines = 0;
 
 	/* didn't find boundary, abort */
@@ -422,6 +419,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
 		if (value) {
 			if(buf_value.c && key) {
 				/* new entry, add the old one to the list */
+				newlines = 0;
 				smart_str_0(&buf_value);
 				entry.key = key;
 				entry.value = buf_value.c;
@@ -435,18 +433,14 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
 
 			key = estrdup(line);
 			smart_str_appends(&buf_value, value);
-
-			newlines = 0;
-
 		} else if (buf_value.c) { /* If no ':' on the line, add to previous line */
-			smart_str_appends(&buf_value, line);
-			newlines++;
-			if (newlines > SUHOSIN_G(upload_max_newlines)) {
+			if (++newlines > SUHOSIN_G(upload_max_newlines)) {
 				SUHOSIN_G(abort_request) = 1;
 				suhosin_log(S_FILES, "configured maximum number of newlines in RFC1867 MIME headers limit exceeded - dropping rest of upload");
+				smart_str_free(&buf_value);
 				return 0;
 			}
-
+			smart_str_appends(&buf_value, line);
 		} else {
 			continue;
 		}
@@ -878,7 +872,7 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler) /* {{{ */
 					continue;
 				}
 
-				if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) {
+				if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, new_val_len, &new_val_len TSRMLS_CC)) {
 					if (&suhosin_rfc1867_filter != NULL) {
 						multipart_event_formdata event_formdata;
 						size_t newlength = new_val_len;
@@ -979,7 +973,7 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler) /* {{{ */
 			temp_filename = NULL;
 			fd = -1;
 
-			if (!skip_upload && &suhosin_rfc1867_filter != NULL) {
+			if (!skip_upload && (&suhosin_rfc1867_filter != NULL)) {
 				multipart_event_file_start event_file_start;
 
 				event_file_start.post_bytes_processed = SG(read_post_bytes);