You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Multipart_Message.Store_Attachments allows files to be uploaded on the server even is Upload_Directory is disabled (empty String)
To fix this issue we applied the same verification and error management as Multipart_Message.File_Upload (patch attached).
--- aws-server-http_utils.adb.orig 2024-04-13 11:49:53.691588811 +0400
+++ aws-server-http_utils.adb 2024-04-13 11:50:55.539068778 +0400
@@ -857,6 +857,11 @@
begin
begin
if Mode in Attachment .. File_Upload then
+ if CNF.Upload_Directory (Server_Config) = "" then
+ raise Constraint_Error
+ with "File upload not supported by server "
+ & CNF.Server_Name (Server_Config);
+ end if;
Streams.Stream_IO.Create
(File, Streams.Stream_IO.Out_File, Server_Filename);
end if;
In this case, as the Content-Length is bigger than the actual payload, the web server is waiting and the temporary uploaded file is not yet deleted. A simple ls command executed in the directory where the web server has been launched will show the temporary file.
$ ls
27495-1
Another way to assess the temporary uploaded file is by using the inotifywait command executed in the directory where the web server has been launched
Multipart_Message.Store_Attachments
allows files to be uploaded on the server even isUpload_Directory
is disabled (empty String)To fix this issue we applied the same verification and error management as
Multipart_Message.File_Upload
(patch attached).Reproducer file
command.sh
attached, request payload below;In this case, as the
Content-Length
is bigger than the actual payload, the web server is waiting and the temporary uploaded file is not yet deleted. A simplels
command executed in the directory where the web server has been launched will show the temporary file.Another way to assess the temporary uploaded file is by using the
inotifywait
command executed in the directory where the web server has been launchedaws-server-http_utils.adb.changes.patch.txt
command.sh.txt
The text was updated successfully, but these errors were encountered: