From: Yann Ylavic <ylavic@apache.org>
Date: Wed, 17 Nov 2021 15:25:00 +0000 (+0000)
Subject: Sync r1895107 from libapreq.
X-Git-Tag: 2.5.0-alpha2-ci-test-only~692
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1b0ae1a64650c5263d18da34679aa670b9ade2e3;p=thirdparty%2Fapache%2Fhttpd.git

Sync r1895107 from libapreq.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895108 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/apreq_parser_multipart.c b/server/apreq_parser_multipart.c
index 9eed5a4e35e..f280d2afc9c 100644
--- a/server/apreq_parser_multipart.c
+++ b/server/apreq_parser_multipart.c
@@ -422,22 +422,27 @@ APREQ_DECLARE_PARSER(apreq_parse_multipart)
                     goto mfd_parse_brigade;
                 }
 
-                next_ctx->param_name = "";
-
                 if (cd != NULL) {
                     s = apreq_header_attribute(cd, "name", 4,
                                                &name, &nlen);
-                    if (s == APR_SUCCESS) {
-                        next_ctx->param_name
-                            = apr_pstrmemdup(pool, name, nlen);
+                    if (s == APR_SUCCESS && nlen) {
+                        next_ctx->param_name = apr_pstrmemdup(pool, name,
+                                                              nlen);
+                    }
+                    else if (s != APREQ_ERROR_NOATTR) {
+                        ctx->status = MFD_ERROR;
+                        goto mfd_parse_brigade;
+                    }
+                }
+                if (!next_ctx->param_name) {
+                    const char *cid = apr_table_get(ctx->info,
+                                                    "Content-ID");
+                    if (cid) {
+                        next_ctx->param_name = apr_pstrdup(pool, cid);
                     }
                     else {
-                        const char *cid = apr_table_get(ctx->info,
-                                                        "Content-ID");
-                        if (cid != NULL)
-                            next_ctx->param_name = apr_pstrdup(pool, cid);
+                        next_ctx->param_name = "";
                     }
-
                 }
 
                 ctx->next_parser = apreq_parser_make(pool, ba, ct,
@@ -455,14 +460,14 @@ APREQ_DECLARE_PARSER(apreq_parse_multipart)
 
             if (cd != NULL && strncmp(cd, "form-data", 9) == 0) {
                 s = apreq_header_attribute(cd, "name", 4, &name, &nlen);
-                if (s != APR_SUCCESS) {
+                if (s != APR_SUCCESS || !nlen) {
                     ctx->status = MFD_ERROR;
                     goto mfd_parse_brigade;
                 }
 
                 s = apreq_header_attribute(cd, "filename",
                                            8, &filename, &flen);
-                if (s == APR_SUCCESS) {
+                if (s == APR_SUCCESS && flen) {
                     apreq_param_t *param;
 
                     param = apreq_param_make(pool, name, nlen,
@@ -475,6 +480,10 @@ APREQ_DECLARE_PARSER(apreq_parse_multipart)
                     ctx->status = MFD_UPLOAD;
                     goto mfd_parse_brigade;
                 }
+                else if (s != APREQ_ERROR_NOATTR) {
+                    ctx->status = MFD_ERROR;
+                    goto mfd_parse_brigade;
+                }
                 else {
                     ctx->param_name = apr_pstrmemdup(pool, name, nlen);
                     ctx->status = MFD_PARAM;
@@ -488,7 +497,7 @@ APREQ_DECLARE_PARSER(apreq_parse_multipart)
 
                 s = apreq_header_attribute(cd, "filename",
                                            8, &filename, &flen);
-                if (s != APR_SUCCESS || ctx->param_name == NULL) {
+                if (s != APR_SUCCESS || !flen || !ctx->param_name) {
                     ctx->status = MFD_ERROR;
                     goto mfd_parse_brigade;
                 }