Server hang when multipart data was malformed

[tlethanh-sdi]

We integred cpp-httplib in our lora server in order to handle internal webservice requests. Everything works fine until we introduce some file upload functions via multipart form data.

The working thread dedicated to webservice hangs sometimes (about 1 per 10 requests). Debugging shows that the while loop was repeated forever (state_ = 2, buffer size n = 4096).

cpp-httplib/httplib.h

Lines 2839 to 2870 in ec00fe5

	case 2: { // Headers
	auto pos = buf_.find(crlf_);
	while (pos != std::string::npos) {
	// Empty line
	if (pos == 0) {
	if (!header_callback(file_)) {
	is_valid_ = false;
	is_done_ = false;
	return false;
	}
	buf_.erase(0, crlf_.size());
	off_ += crlf_.size();
	state_ = 3;
	break;
	}
	auto header = buf_.substr(0, pos);
	{
	std::smatch m;
	if (std::regex_match(header, m, re_content_type)) {
	file_.content_type = m[1];
	} else if (std::regex_match(header, m, re_content_disposition)) {
	file_.name = m[1];
	file_.filename = m[2];
	}
	}
	buf_.erase(0, pos + crlf_.size());
	off_ += pos + crlf_.size();
	pos = buf_.find(crlf_);
	}
	break;

The parse() function will be never terminated if there is no crlf_ found in buf_ string when state_ = 2 (it means no header found in a new multipart section).

We use a Qt application as client, the boundary implemented may not suit the standard used by cpp-httplib, that we need to look deeper.

[yhirose]

@tlethanh-sdi, thanks for finding the bug and fine report. I fixed it with the last master code. Could you verify on your machine? Thanks!

[tlethanh-sdi]

@yhirose Thanks for your quick and effective reaction. The code was passed the test phase and the software is now in the validation chain. We hope to pass this in production very soon.

[yhirose]

@tlethanh-sdi , thanks for confirming it works on your machine! I'll release it in v0.6.7 soon.