From 993d464cdad6159fe9ac620a7e9a319ec015a427 Mon Sep 17 00:00:00 2001
From: Xiangyue Cai
Date: Thu, 11 Mar 2021 16:24:32 +0800
Subject: [PATCH] Return 400 when find blank line after boundary (#456)
---
 server/upload-file.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/server/upload-file.c b/server/upload-file.c
index 3bd6ac7..1190b50 100755
--- a/server/upload-file.c
+++ b/server/upload-file.c
@@ -2177,6 +2177,11 @@ upload_read_cb (evhtp_request_t *req, evbuf_t *buf, void *arg)
 if (len == 0) {
 /* Read an blank line, headers end. */
 free (line);
+ // Each part MUST contain a Content-Disposition header field
+ if (!fsm->input_name) {
+ res = EVHTP_RES_BADREQ;
+ goto out;
+ }
 if (g_strcmp0 (fsm->input_name, "file") == 0) {
 if (open_temp_file (fsm) < 0) {
 seaf_warning ("[upload] Failed open temp file, errno:[%d]\n", errno);
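Review bot: The new `if (!fsm->input_name)` guard only rejects a header-less part if `fsm->input_name` is reset to NULL at every boundary; that reset is not visible in this hunk, so please confirm it, because otherwise a later part with no Content-Disposition would pass the check carrying the previous part's name. The rejection is also silent, unlike the `open_temp_file` failure just below it, so malformed uploads leave no trace in the log; consider adding `seaf_warning ("[upload] Part has no Content-Disposition name, rejecting request.\n");` before `res = EVHTP_RES_BADREQ;`. The comment could state what is actually tested, e.g. `/* Reject a part whose headers ended without a Content-Disposition name. */`, which also matches the `/* */` style of the line above. upload_read_cb starts and ends outside the hunk, so the `out:` cleanup path, and whether it is safe to reach after `free (line)`, could not be checked here.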