Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-13 12:09:26 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-13 12:09:26 +0000
commit: 9fdb3dbd6bacb125d40290aac8409da2f9fe19fc (patch)
tree: 532a0cfc06fa0f4c1d718a33804e6bbf2b650e70 /workhorse
parent: 2d8c28f1d32709280506507f3b6e6d2da7440da9 (diff)
download: gitlab-ce-9fdb3dbd6bacb125d40290aac8409da2f9fe19fc.tar.gz
3 files changed, 15 insertions, 6 deletions
diff --git a/workhorse/internal/upload/rewrite.go b/workhorse/internal/upload/rewrite.go
index 7b9ac6b996e..ad9623f569c 100644
--- a/workhorse/internal/upload/rewrite.go
+++ b/workhorse/internal/upload/rewrite.go
@@ -67,11 +67,8 @@ func rewriteFormFilesFromMultipart(r *http.Request, writer *multipart.Writer, fi
 	// Create multipart reader
 	reader, err := r.MultipartReader()
 	if err != nil {
-		if err == http.ErrNotMultipart {
-			// We want to be able to recognize http.ErrNotMultipart elsewhere so no fmt.Errorf
-			return http.ErrNotMultipart
-		}
-		return fmt.Errorf("get multipart reader: %v", err)
+		// We want to be able to recognize these errors elsewhere so no fmt.Errorf
+		return err
 	}
 
 	multipartUploadRequests.WithLabelValues(filter.Name()).Inc()
diff --git a/workhorse/internal/upload/uploads.go b/workhorse/internal/upload/uploads.go
index f214e1ac297..32e51fea9e5 100644
--- a/workhorse/internal/upload/uploads.go
+++ b/workhorse/internal/upload/uploads.go
@@ -51,7 +51,7 @@ func interceptMultipartFiles(w http.ResponseWriter, r *http.Request, h http.Hand
 	err := rewriteFormFilesFromMultipart(r, writer, filter, fa, p)
 	if err != nil {
 		switch err {
-		case ErrInjectedClientParam:
+		case ErrInjectedClientParam, http.ErrMissingBoundary:
 			helper.CaptureAndFail(w, r, err, "Bad Request", http.StatusBadRequest)
 		case ErrTooManyFilesUploaded:
 			helper.CaptureAndFail(w, r, err, err.Error(), http.StatusBadRequest)
diff --git a/workhorse/internal/upload/uploads_test.go b/workhorse/internal/upload/uploads_test.go
index 3655e9fc8c9..cc786079e36 100644
--- a/workhorse/internal/upload/uploads_test.go
+++ b/workhorse/internal/upload/uploads_test.go
@@ -352,6 +352,18 @@ func TestInvalidFileNames(t *testing.T) {
 	}
 }
 
+func TestBadMultipartHeader(t *testing.T) {
+	httpRequest, err := http.NewRequest("POST", "/example", bytes.NewReader(nil))
+	require.NoError(t, err)
+
+	// Invalid header: missing boundary
+	httpRequest.Header.Set("Content-Type", "multipart/form-data")
+
+	response := httptest.NewRecorder()
+	testInterceptMultipartFiles(t, response, httpRequest, nilHandler, &SavedFileTracker{Request: httpRequest})
+	require.Equal(t, 400, response.Code)
+}
+
 func TestContentDispositionRewrite(t *testing.T) {
 	testhelper.ConfigureSecret()
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-13 12:09:26 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-13 12:09:26 +0000
commit	9fdb3dbd6bacb125d40290aac8409da2f9fe19fc (patch)
tree	532a0cfc06fa0f4c1d718a33804e6bbf2b650e70 /workhorse
parent	2d8c28f1d32709280506507f3b6e6d2da7440da9 (diff)
download	gitlab-ce-9fdb3dbd6bacb125d40290aac8409da2f9fe19fc.tar.gz