Commit a28ce75d authored by Michael Fraenkel's avatar Michael Fraenkel Committed by Brad Fitzpatrick

mime/multipart: parse boundary with spaces properly

- spaces are allowed anywhere but the last character of a boundary

Fixes #18768

Change-Id: I36b054462533ff6dfc060e37e7a58777ae4b66fe
Reviewed-on: https://go-review.googlesource.com/35507
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
parent e26b51b0
......@@ -50,13 +50,18 @@ func (w *Writer) SetBoundary(boundary string) error {
if len(boundary) < 1 || len(boundary) > 70 {
return errors.New("mime: invalid boundary length")
}
for _, b := range boundary {
end := len(boundary) - 1
for i, b := range boundary {
if 'A' <= b && b <= 'Z' || 'a' <= b && b <= 'z' || '0' <= b && b <= '9' {
continue
}
switch b {
case '\'', '(', ')', '+', '_', ',', '-', '.', '/', ':', '=', '?':
continue
case ' ':
if i != end {
continue
}
}
return errors.New("mime: invalid boundary character")
}
......
......@@ -80,8 +80,6 @@ func TestWriter(t *testing.T) {
}
func TestWriterSetBoundary(t *testing.T) {
var b bytes.Buffer
w := NewWriter(&b)
tests := []struct {
b string
ok bool
......@@ -94,8 +92,12 @@ func TestWriterSetBoundary(t *testing.T) {
{strings.Repeat("x", 71), false},
{"bad!ascii!", false},
{"my-separator", true},
{"with space", true},
{"badspace ", false},
}
for i, tt := range tests {
var b bytes.Buffer
w := NewWriter(&b)
err := w.SetBoundary(tt.b)
got := err == nil
if got != tt.ok {
......@@ -105,11 +107,12 @@ func TestWriterSetBoundary(t *testing.T) {
if got != tt.b {
t.Errorf("boundary = %q; want %q", got, tt.b)
}
w.Close()
wantSub := "\r\n--" + tt.b + "--\r\n"
if got := b.String(); !strings.Contains(got, wantSub) {
t.Errorf("expected %q in output. got: %q", wantSub, got)
}
}
w.Close()
if got := b.String(); !strings.Contains(got, "\r\n--my-separator--\r\n") {
t.Errorf("expected my-separator in output. got: %q", got)
}
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment