GHSA-9pqp-7h25-4f32.inc - OpenGrok history log for /PHP-8.1/tests/basic/GHSA-9pqp-7h25-4f32.inc

Revision		Date	Author	Comments
# d65a1e6f		09-Sep-2024	Arnaud Le Blanc	Fix GHSA-9pqp-7h25-4f32 multipart/form-data boundaries larger than the read buffer result in erroneous parsing, which violates data integrity. Limit boundary size, as allowed by Fix GHSA-9pqp-7h25-4f32 multipart/form-data boundaries larger than the read buffer result in erroneous parsing, which violates data integrity. Limit boundary size, as allowed by RFC 1521: Encapsulation boundaries [...] must be no longer than 70 characters, not counting the two leading hyphens. We correctly parse payloads with boundaries of length up to FILLUNIT-strlen("\r\n--") bytes, so allow this for BC. show more ...

Revision

Date

Author

Comments

# d65a1e6f

09-Sep-2024

Arnaud Le Blanc

Fix GHSA-9pqp-7h25-4f32

multipart/form-data boundaries larger than the read buffer result in erroneous
parsing, which violates data integrity.

Limit boundary size, as allowed by

Fix GHSA-9pqp-7h25-4f32

multipart/form-data boundaries larger than the read buffer result in erroneous
parsing, which violates data integrity.

Limit boundary size, as allowed by RFC 1521:

Encapsulation boundaries [...] must be no longer than 70 characters, not
counting the two leading hyphens.

We correctly parse payloads with boundaries of length up to
FILLUNIT-strlen("\r\n--") bytes, so allow this for BC.