diff --git a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java index b2ac85b3051..f66c7ef425d 100644 --- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java +++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/MultiPartFilter.java @@ -151,7 +151,18 @@ public class MultiPartFilter implements Filter if (line == null || line.length() == 0) throw new IOException("Missing content for multipart request"); - if (!line.equals(boundary)) + boolean badFormatLogged = false; + while (line != null && !line.equals(boundary)) + { + if (!badFormatLogged) + { + LOG.warn("Badly formatted multipart request"); + badFormatLogged = true; + } + line=((ReadLineInputStream)in).readLine(); + } + + if (line == null || line.length() == 0) throw new IOException("Missing initial multi part boundary"); // Read each part diff --git a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java index 19e144c1fc4..1236cf533a3 100644 --- a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java +++ b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/MultipartFilterTest.java @@ -648,7 +648,73 @@ public class MultipartFilterTest assertTrue(response.getReason().startsWith("Missing initial")); } + @Test + public void testLeadingWhitespaceBodyWithCRLF() + throws Exception + { + String boundary = "AaB03x"; + String body = " \n\n\n\r\n\r\n\r\n\r\n"+ + "--AaB03x\r\n"+ + "content-disposition: form-data; name=\"field1\"\r\n"+ + "\r\n"+ + "Joe Blow\r\n"+ + "--AaB03x\r\n"+ + "Content-Disposition: form-data; name=\"fileup\"; filename=\"test.upload\"\r\n"+ + "Content-Type: application/octet-stream\r\n"+ + "\r\n" + + "aaaa,bbbbb"+"\r\n" + + "--AaB03x--\r\n"; + + // generated and parsed test + HttpTester request = new HttpTester(); + HttpTester response = new HttpTester(); + request.setMethod("POST"); + request.setVersion("HTTP/1.0"); + request.setHeader("Host","tester"); + request.setURI("/context/dump"); + request.setHeader("Content-Type","multipart/form-data; boundary="+boundary); + request.setContent(body); + + response.parse(tester.getResponses(request.generate())); + assertTrue(response.getMethod()==null); + assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertTrue(response.getContent().contains("aaaa,bbbbb")); + } + + @Test + public void testLeadingWhitespaceBodyWithoutCRLF() + throws Exception + { + String boundary = "AaB03x"; + + String body = " "+ + "--AaB03x\r\n"+ + "content-disposition: form-data; name=\"field1\"\r\n"+ + "\r\n"+ + "Joe Blow\r\n"+ + "--AaB03x\r\n"+ + "Content-Disposition: form-data; name=\"fileup\"; filename=\"test.upload\"\r\n"+ + "Content-Type: application/octet-stream\r\n"+ + "\r\n" + + "aaaa,bbbbb"+"\r\n" + + "--AaB03x--\r\n"; + + // generated and parsed test + HttpTester request = new HttpTester(); + HttpTester response = new HttpTester(); + request.setMethod("POST"); + request.setVersion("HTTP/1.0"); + request.setHeader("Host","tester"); + request.setURI("/context/dump"); + request.setHeader("Content-Type","multipart/form-data; boundary="+boundary); + request.setContent(body); + + response.parse(tester.getResponses(request.generate())); + assertTrue(response.getMethod()==null); + assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertTrue(response.getContent().contains("aaaa,bbbbb")); + } /*