Multipart boundary should strip quotes
Affects: 5.3.3
Library: spring-web
Although uncommon, some HTTP clients will quote the multipart boundary value. This does appear to be acceptable based on a reading of the RFC. As a specific example, the .NET SDK’s HttpClient class will generate a quoted UUID to use as the boundary:

    POST /foo HTTP/1.1
    Content-Type: multipart/form-data; boundary="7e296554-91ca-4075-ada1-c72043296dd7"
    Host: foo.bar.example
    Content-Length: <snip>
    Expect: 100-continue

    --7e296554-91ca-4075-ada1-c72043296dd7
    Content-Type: text/plain; charset=utf-8
    Content-Disposition: form-data; name=Foo

    BAR
    --7e296554-91ca-4075-ada1-c72043296dd7--

The problem is the codec shipped with spring-web does not handle this case:

    @Nullable
    private static byte[] boundary(HttpMessage message) {
        MediaType contentType = message.getHeaders().getContentType();
        if (contentType != null) {
            String boundary = contentType.getParameter("boundary");
            if (boundary != null) {
                return boundary.getBytes(StandardCharsets.ISO_8859_1);
            }
        }
        return null;
    }

The code should check the boundary string to see if it starts and ends with an ASCII double-quote ("). If so, it should strip them before creating the byte array to be used later.
See https://github.com/spring-projects/spring-framework/issues/26615 which led to me discovering this issue.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:3
- Comments:9 (3 by maintainers)
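
One way to apply the check requested in the issue, as an added example (not spring-web code and not the fix that was merged): `boundaryBytes` is a hypothetical helper that takes the raw `boundary` parameter value and strips one pair of surrounding double quotes before producing the byte array. It goes beyond the issue by also resolving quoted-pairs and rejecting values that do not match the RFC 2046 boundary grammar, so a malformed value is refused rather than used as a delimiter.

```java
import java.nio.charset.StandardCharsets;

public class BoundaryUnquoteExample {

    // Punctuation RFC 2046 allows in a boundary, besides letters, digits and space.
    private static final String BCHARS_PUNCT = "'()+_,-./:=?";

    // Hypothetical helper (not a spring-web API): returns the boundary bytes for a
    // raw "boundary" parameter value, or null if it is missing or not a valid boundary.
    static byte[] boundaryBytes(String raw) {
        if (raw == null) {
            return null;
        }
        String value = raw;
        int len = raw.length();
        if (len >= 2 && raw.charAt(0) == '"' && raw.charAt(len - 1) == '"') {
            // Quoted-string form: drop the surrounding quotes and resolve quoted-pairs.
            StringBuilder sb = new StringBuilder(len);
            for (int i = 1; i < len - 1; i++) {
                char c = raw.charAt(i);
                if (c == '\\' && i + 1 < len - 1) {
                    c = raw.charAt(++i);
                }
                sb.append(c);
            }
            value = sb.toString();
        }
        // RFC 2046: 1 to 70 characters, and the last one must not be a space.
        if (value.isEmpty() || value.length() > 70 || value.endsWith(" ")) {
            return null;
        }
        for (char c : value.toCharArray()) {
            boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (!alnum && c != ' ' && BCHARS_PUNCT.indexOf(c) < 0) {
                return null;
            }
        }
        return value.getBytes(StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) {
        // Constructed inputs: the quoted value from the request above, its bare form, a malformed one.
        String uuid = "7e296554-91ca-4075-ada1-c72043296dd7";
        for (String s : new String[] { "\"" + uuid + "\"", uuid, "\"bad\"boundary\"" }) {
            byte[] b = boundaryBytes(s);
            System.out.println(s + " -> " + (b == null ? "rejected" : new String(b, StandardCharsets.ISO_8859_1)));
        }
    }
}
```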
I think it’s out already, see https://repo.spring.io/snapshot/org/springframework/spring/5.3.5-SNAPSHOT/
@poutsma Thank you! When do you think a new SNAPSHOT build will go out for the library? I’m comfortable adding the Spring snapshot repos in the short term to get this fix into my application.