History log of /php-src/tests/basic/GHSA-9pqp-7h25-4f32.phpt (Results 1 – 2 of 2)
Revision Date Author Comments
# 4bcc7d57 23-Sep-2024 Jakub Zelenka

Skip GHSA-9pqp-7h25-4f32 test on Windows


# d65a1e6f 09-Sep-2024 Arnaud Le Blanc

Fix GHSA-9pqp-7h25-4f32

multipart/form-data boundaries larger than the read buffer result in erroneous
parsing, which violates data integrity.

Limit boundary size, as allowed by

Fix GHSA-9pqp-7h25-4f32

multipart/form-data boundaries larger than the read buffer result in erroneous
parsing, which violates data integrity.

Limit boundary size, as allowed by RFC 1521:

Encapsulation boundaries [...] must be no longer than 70 characters, not
counting the two leading hyphens.

We correctly parse payloads with boundaries of length up to
FILLUNIT-strlen("\r\n--") bytes, so allow this for BC.

show more ...