mime/multipart: return overflow errors in Reader.ReadForm

Updates Reader.ReadForm to check for overflow errors that may
result from a leeway addition of 10MiB to the input argument
maxMemory.

Fixes #40430

Change-Id: I510b8966c95c51d04695ba9d08fcfe005fd11a5d
Reviewed-on: https://go-review.googlesource.com/c/go/+/247477
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
Trust: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Trust: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>

diff --git a/src/mime/multipart/formdata.go b/src/mime/multipart/formdata.go
index 832d0ad693666605cfdeea6d07c9ebe548ee6ee5..4eb31012941ac8eec0cfeb9e3ecc41ed7e2cffd8 100644 (file)
--- a/src/mime/multipart/formdata.go
+++ b/src/mime/multipart/formdata.go
@@ -7,6 +7,7 @@ package multipart
 import (
        "bytes"
        "errors"
+       "fmt"
        "io"
        "io/ioutil"
        "net/textproto"
@@ -41,6 +42,9 @@ func (r *Reader) readForm(maxMemory int64) (_ *Form, err error) {
 
        // Reserve an additional 10 MB for non-file parts.
        maxValueBytes := maxMemory + int64(10<<20)
+       if maxValueBytes <= 0 {
+               return nil, fmt.Errorf("multipart: integer overflow from maxMemory(%d) + 10MiB for non-file parts", maxMemory)
+       }
        for {
                p, err := r.NextPart()
                if err == io.EOF {

diff --git a/src/mime/multipart/formdata_test.go b/src/mime/multipart/formdata_test.go
index 7d756c8c244a0742f368ce97ae34e047dcc986c0..7112e0d3727fe0201368006cf95fe6ee382138f6 100644 (file)
--- a/src/mime/multipart/formdata_test.go
+++ b/src/mime/multipart/formdata_test.go
@@ -7,6 +7,7 @@ package multipart
 import (
        "bytes"
        "io"
+       "math"
        "os"
        "strings"
        "testing"
@@ -52,6 +53,23 @@ func TestReadFormWithNamelessFile(t *testing.T) {
        }
 }
 
+// Issue 40430: Ensure that we report integer overflows in additions of maxMemory,
+// instead of silently and subtly failing without indication.
+func TestReadFormMaxMemoryOverflow(t *testing.T) {
+       b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n"))
+       r := NewReader(b, boundary)
+       f, err := r.ReadForm(math.MaxInt64)
+       if err == nil {
+               t.Fatal("Unexpected a non-nil error")
+       }
+       if f != nil {
+               t.Fatalf("Unexpected returned a non-nil form: %v\n", f)
+       }
+       if g, w := err.Error(), "integer overflow from maxMemory"; !strings.Contains(g, w) {
+               t.Errorf(`Error mismatch\n%q\ndid not contain\n%q`, g, w)
+       }
+}
+
 func TestReadFormWithTextContentType(t *testing.T) {
        // From https://github.com/golang/go/issues/24041
        b := strings.NewReader(strings.ReplaceAll(messageWithTextContentType, "\n", "\r\n"))