Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal Server Error while using Content-Type=multipart/form-data; boundary=cats on /v1/user/keys #19698

Closed
ludovicianul opened this issue May 13, 2022 · 4 comments · Fixed by #21556
Closed

Internal Server Error while using Content-Type=multipart/form-data; boundary=cats on /v1/user/keys #19698

ludovicianul opened this issue May 13, 2022 · 4 comments · Fixed by #21556
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/bug
Milestone
1.17.4

Comments

@ludovicianul
Copy link

Description

Description

While doing some fuzzing using https://github.com/Endava/cats I discovered an issue for the /v1/user/keys" endpoint. Doing a POST with multipart/form-data; boundary=cats Content-Type results in a 500, rather that something more meaningful.

You can reproduce the issue using (just replace $token with your own token):

cats replay Test1246.json

Test1246.json.zip

Gitea Version

1.17.0+dev-573-ge45738e3c

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Onlinehttps://try.gitea.io/

Database

No response
@zeripath
Copy link
Contributor

Would it be possible to see some logs for this?

@wxiaoguang
Copy link
Contributor

It could be reproduced by:

curl -v -XPOST -H "Authorization: token $token" -H "Content-Type: multipart/form-data; boundary=cats" "https://try.gitea.io/api/v1/user/keys"

@wxiaoguang wxiaoguang added this to the 1.18.0 milestone Oct 7, 2022
@wxiaoguang
Copy link
Contributor

panic here:

image

@wxiaoguang wxiaoguang added the issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented label Oct 7, 2022
@zeripath
Copy link
Contributor

zeripath commented Oct 9, 2022
edited
Loading

PR to prevent the NPE in binding https://gitea.com/go-chi/binding/pulls/13

@lunny lunny mentioned this issue Oct 23, 2022
Merged
@lunny lunny modified the milestones: 1.18.0, 1.17.4 Oct 23, 2022
lafriks pushed a commit that referenced this issue Oct 23, 2022
@lunny
Update binding to fix bugs (#21556)
4eeea7b 
Fix #19698
@lunny lunny mentioned this issue Oct 23, 2022
Merged
zeripath pushed a commit that referenced this issue Oct 24, 2022
@lunny
Update binding to fix bugs (#21560)
92b5f48 
backport #21556, Fix #19698
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/bug
Projects
None yet
Milestone
1.17.4
Development

Successfully merging a pull request may close this issue.

Update binding to fix bugs lunny/gitea
4 participants
@lunny @zeripath @wxiaoguang @ludovicianul