Merge pull request #561 from jdelStrother/eoferror

Ensure request.POST always raises EOFError on bad input

2 files changed, 15 insertions, 1 deletions

diff --git a/lib/rack/request.rb b/lib/rack/request.rb
index 6f044195..66fb0c5a 100644
--- a/lib/rack/request.rb
+++ b/lib/rack/request.rb
@@ -201,7 +201,6 @@ module Rack
       elsif @env["rack.request.form_input"].eql? @env["rack.input"]
         @env["rack.request.form_hash"]
       elsif form_data? || parseable_data?
-        @env["rack.request.form_input"] = @env["rack.input"]
         unless @env["rack.request.form_hash"] = parse_multipart(env)
           form_vars = @env["rack.input"].read
 
@@ -214,6 +213,7 @@ module Rack
 
           @env["rack.input"].rewind
         end
+        @env["rack.request.form_input"] = @env["rack.input"]
         @env["rack.request.form_hash"]
       else
         {}
diff --git a/test/spec_request.rb b/test/spec_request.rb
index b98cbd4d..039aae6b 100644
--- a/test/spec_request.rb
+++ b/test/spec_request.rb
@@ -779,6 +779,20 @@ EOF
     lambda { req.POST }.should.raise(EOFError)
   end
 
+  should "consistently raise EOFError on bad multipart form data" do
+    input = <<EOF
+--AaB03x\r
+content-disposition: form-data; name="huge"; filename="huge"\r
+EOF
+    req = Rack::Request.new Rack::MockRequest.env_for("/",
+                      "CONTENT_TYPE" => "multipart/form-data, boundary=AaB03x",
+                      "CONTENT_LENGTH" => input.size,
+                      :input => input)
+
+    lambda { req.POST }.should.raise(EOFError)
+    lambda { req.POST }.should.raise(EOFError)
+  end
+
   should "correctly parse the part name from Content-Id header" do
     input = <<EOF
 --AaB03x\r