Vulnerability in mongoose/mongoose_multipart.c

Stefano Babic

Mar 8, 2026, 8:36:16 AM
to swup...@googlegroups.com, James Hilliard, Michael Glembotzki
Hi,

I received a CVE report that a DoS attack is possible by using the
mismatch between when a boundary is found and when it is used.

Also, the check is:

if ((int) io->len < mp_stream->boundary.len + 6 /*

But if a Boundary is found, it takes two more chars:

    size_t data_len = io->len - (mp_stream->boundary.len + 8);
    size_t consumed = mg_http_multipart_call_handler(c, MG_EV_HTTP_PART_DATA,
                                                     (char *) io->buf, data_len);
    mg_iobuf_del(io, 0, consumed);
    if (consumed == data_len) {
      mg_iobuf_del(io, 0, mp_stream->boundary.len + 8);

So the +8 seems to me to be just a copy&paste. I will send a patch for this,
but before doing so I am just asking whether this was wanted and is not, as I
supposed, just a mismatch caused by copying a line.

Best regards,
Stefano

--
_______________________________________________________________________
Nabla Software Engineering GmbH
Hirschstr. 111A | 86156 Augsburg | Tel: +49 821 45592596
Geschäftsführer : Stefano Babic | HRB 40522 Augsburg
E-Mail: sba...@nabladev.com
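
Added example, not part of the original message and not SWUpdate's or mongoose's code: a minimal C model of the check/use mismatch described above, assuming the +6 comparison is the only guard before the +8 subtraction. The helper names and the boundary length are hypothetical; it shows how the unsigned subtraction wraps for the lengths the guard lets through, next to a variant that uses one constant for both guard and use.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the quoted guard: 1 means "buffer too short". */
static int too_short_plus6(size_t io_len, size_t boundary_len) {
    return io_len < boundary_len + 6;
}

/* Hypothetical model of the quoted use: size_t subtraction with +8.
 * If io_len < boundary_len + 8 the result wraps to a huge value. */
static size_t data_len_plus8(size_t io_len, size_t boundary_len) {
    return io_len - (boundary_len + 8);
}

/* Consistent variant: the same overhead constant guards and sizes the
 * subtraction, so it can never wrap. Returns 0 on success, -1 otherwise.
 * Which constant (6 or 8) is right is the open question in the message. */
static int data_len_checked(size_t io_len, size_t boundary_len,
                            size_t overhead, size_t *out) {
    if (boundary_len > (size_t) -1 - overhead)
        return -1;                       /* boundary_len + overhead overflows */
    size_t need = boundary_len + overhead;
    if (io_len < need)
        return -1;                       /* not enough buffered data yet */
    *out = io_len - need;
    return 0;
}

int main(void) {
    const size_t blen = 40;              /* constructed boundary length */
    for (size_t len = blen + 4; len <= blen + 9; len++) {
        size_t safe = 0;
        int rc = data_len_checked(len, blen, 8, &safe);
        if (too_short_plus6(len, blen)) {
            printf("len=%zu: rejected by +6 guard\n", len);
            continue;
        }
        /* Passed the +6 guard; the +8 subtraction may still wrap. */
        printf("len=%zu: +8 data_len=%zu, checked rc=%d data_len=%zu\n",
               len, data_len_plus8(len, blen), rc, safe);
    }
    return 0;
}
```

With the constructed boundary length of 40, buffer lengths 46 and 47 pass the +6 guard but yield a wrapped `data_len` from the +8 subtraction.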
