Fix bug in max header calculation in DefaultPartHttpMessageReader

This commit fixes a bug in the DefaultPartHttpMessageReader, in the
check for exceeding the maximum header size. Before this commit, the
entire buffer size was considered, thus triggering an exception even
though the max header limit was not exceeded. After this commit, we only
consider the size up until the end-of-header mark (CRLFCRLF).

Furthermore, this commit increases the default maximum header size to
10k, the same default as Commons FileUpload.

Closes gh-27612
Arjen Poutsma
2021-10-27 15:07:15 +02:00
parent c4c3d59d07
commit 0416168d0e
4 changed files with 66 additions and 32 deletions


@@ -270,6 +270,31 @@ public class DefaultPartHttpMessageReaderTests {
latch.await();
}
// gh-27612
@Test
public void exceedHeaderLimit() throws InterruptedException {
Flux<DataBuffer> body = DataBufferUtils
.readByteChannel((new ClassPathResource("files.multipart", getClass()))::readableChannel, bufferFactory, 282);
MediaType contentType = new MediaType("multipart", "form-data", singletonMap("boundary", "----WebKitFormBoundaryG8fJ50opQOML0oGD"));
MockServerHttpRequest request = MockServerHttpRequest.post("/")
.contentType(contentType)
.body(body);
DefaultPartHttpMessageReader reader = new DefaultPartHttpMessageReader();
reader.setMaxHeadersSize(230);
Flux<Part> result = reader.read(forClass(Part.class), request, emptyMap());
CountDownLatch latch = new CountDownLatch(2);
StepVerifier.create(result)
.consumeNextWith(part -> testPart(part, null, LOREM_IPSUM, latch))
.consumeNextWith(part -> testPart(part, null, MUSPI_MEROL, latch))
.verifyComplete();
latch.await();
}
private void testBrowser(DefaultPartHttpMessageReader reader, Resource resource, String boundary)
throws InterruptedException {
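Review bot: `exceedHeaderLimit` only asserts the accepting case: with `setMaxHeadersSize(230)` and 282-byte read buffers, both parts are emitted and the flux completes, so the name says the opposite of what is verified. Nothing in this hunk checks that a header block really larger than the limit is still rejected. The limit bounds how much header data a multipart request can make the reader buffer, so a companion test that sets the limit below the actual header length and expects an error signal from `StepVerifier` would pin the enforcing side. Tests outside this hunk may already cover that. I would also add a comment above the reader setup, for example `// buffer (282) exceeds the limit (230), but each part's headers up to CRLFCRLF do not`, assuming that is the relationship the two numbers are meant to encode. The body of `testBrowser` continues outside the hunk.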