Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Regression on ee9 / ee8 MultiPart parsing #12031

Merged
merged 5 commits into from
Jul 16, 2024
Merged

Fix Regression on ee9 / ee8 MultiPart parsing #12031

merged 5 commits into from
Jul 16, 2024

Conversation

joakime
Copy link
Contributor

@joakime joakime commented Jul 11, 2024

In Jetty 10 / Jetty 11 when a multipart/form-data is sent with an empty request body, it would result in an error status 400 (Bad Request).

The implementation in ee9 / ee8 in Jetty 12 returns an error status 500.

Introduce test cases and fix to restore this behavior.

@joakime joakime added Bug For general bugs on Jetty side Sponsored This issue affects a user with a commercial support agreement labels Jul 11, 2024
@joakime joakime self-assigned this Jul 11, 2024
gregw
gregw requested changes Jul 12, 2024
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seams a very specific check/failure.
What if the body is a single byte? The EOF can come at many illegal points and why do we need/have special handling just for 0 bytes?

...e9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/MultiPartFormInputStream.java Outdated Show resolved Hide resolved
@joakime joakime changed the title Fix Regression on ee9 / ee8 MultiPart parsing behavior with empty request body Fix Regression on ee9 / ee8 MultiPart parsing Jul 15, 2024
@joakime
More testing of regression.
7e58921 
+ More multipart parsing errors return 400, not 500 now.
@joakime joakime requested a review from gregw July 15, 2024 21:01
@joakime
Copy link
Contributor Author

joakime commented Jul 15, 2024

I've added more tests for this regression, and fixed many of the 500 vs 400 status returns in the process. (more are returning 400 now)

gregw
gregw requested changes Jul 15, 2024
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to hangout on this as I don't think I'm communicating my concern.

...e9/jetty-ee9-nested/src/main/java/org/eclipse/jetty/ee9/nested/MultiPartFormInputStream.java Outdated Show resolved Hide resolved
@joakime
Reworked so that Request handles Bad Message from Multipart Parsing.
7085a50 
 * Request.getParts() catches IOExceptions from multiParts.getParts() and wraps them in a BadMessageException to ensure that a 400 Bad Request response shows up.
@joakime
Fix checkstyle
68bc1fb
gregw
gregw approved these changes Jul 16, 2024
View reviewed changes
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@joakime joakime merged commit 7c42a5b into jetty-12.0.x Jul 16, 2024
10 checks passed
@joakime joakime deleted the fix/12.0.x/legacy-multipart-regression-empty-form branch July 16, 2024 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@janbartel janbartel janbartel left review comments

@gregw gregw gregw approved these changes

@lachlan-roberts lachlan-roberts Awaiting requested review from lachlan-roberts

Assignees

@joakime joakime

Labels
Bug For general bugs on Jetty side Sponsored This issue affects a user with a commercial support agreement
Projects
No open projects
🧊 Jetty 12.0.12 - FROZEN
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@joakime @gregw @janbartel