-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multer crashes when name attribute is absent in multipart #553
Labels
Comments
(The issue was posted too quickly and closed by mistake) |
vwvw
changed the title
Multer crash when name attribute is absent in multipart
Multer crashes when name attribute is absent in multipart
Jan 30, 2018
Good catch 👍 PR welcome 🚀 |
just re-discovered this bug (on v1.4.1):
It fails because the semicolon is missing, |
Ilyaololo
added a commit
to Ilyaololo/multer
that referenced
this issue
Feb 22, 2020
This was referenced Apr 27, 2020
ZloeSabo
added a commit
to ZloeSabo/multer
that referenced
this issue
Jun 29, 2020
Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in underlying append-field library. The current change allows getting a error from multer that makes it possible to handle it in servers.
ZloeSabo
added a commit
to ZloeSabo/multer
that referenced
this issue
Jun 29, 2020
Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in the underlying append-field library. The current change allows getting an error from multer that makes it possible to handle it in servers.
ZloeSabo
added a commit
to ZloeSabo/multer
that referenced
this issue
Jun 29, 2020
Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in the underlying append-field library. The current change allows getting an error from multer that makes it possible to handle it in servers.
nevilm-lt
pushed a commit
to nevilm-lt/multer
that referenced
this issue
Apr 21, 2022
Fixes expressjs#553 Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in the underlying append-field library. The current change allows getting an error from Multer that makes it possible to handle it in servers. Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>
nevilm-lt
pushed a commit
to nevilm-lt/multer
that referenced
this issue
Apr 22, 2022
Fixes expressjs#553 Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in the underlying append-field library. The current change allows getting an error from Multer that makes it possible to handle it in servers. Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>
nevilm-lt
pushed a commit
to nevilm-lt/multer
that referenced
this issue
Apr 22, 2022
Fixes expressjs#553 Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in the underlying append-field library. The current change allows getting an error from Multer that makes it possible to handle it in servers. Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>
himanshiLt
pushed a commit
to himanshiLt/multer
that referenced
this issue
Apr 26, 2022
Fixes expressjs#553 Without this fix fields without a name result in a "TypeError: Cannot read property 'length' of undefined" in the underlying append-field library. The current change allows getting an error from Multer that makes it possible to handle it in servers. Co-authored-by: Linus Unnebäck <linus@folkdatorn.se>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A multipart request without a 'name' attribute will produce an error and result with a crash of multer.
Here is an example of such a multipart request (every line break is a CRLF).
Busboy will not detect the field name and return
The crash occurs when multer call the append-field as it will try to access the length property of 'fieldname'.
Here is the stacktrace:
It seems to me that this issue can be fixed by adding a check at line 91 in make-middleware.js. We check that the fieldname is not empty.
This way, we will return a 500 instead of crashing.
The text was updated successfully, but these errors were encountered: