Stop parsing multipart request bodies once the configured limit of form fields and files has been reached

This fix is inspired by how PHP is handling it but without following the ini setting. Such setting isn't needed as the limits on files and form fields are enough.

Author: WyriHaximus

src/Io/MultipartParser.php

@@ -26,6 +26,13 @@ final class MultipartParser
      */
     private $maxFileSize;
 
+    /**
+     * Based on $maxInputVars and $maxFileUploads
+     *
+     * @var int
+     */
+    private $maxMultipartBodyParts;
+
     /**
      * ini setting "max_input_vars"
      *
@@ -62,6 +69,7 @@ final class MultipartParser
      */
     private $maxFileUploads;
 
+    private $multipartBodyPartCount = 0;
     private $postCount = 0;
     private $filesCount = 0;
     private $emptyCount = 0;
@@ -87,6 +95,8 @@ public function __construct($uploadMaxFilesize = null, $maxFileUploads = null)
 
         $this->uploadMaxFilesize = IniUtil::iniSizeToBytes($uploadMaxFilesize);
         $this->maxFileUploads = $maxFileUploads === null ? (\ini_get('file_uploads') === '' ? 0 : (int)\ini_get('max_file_uploads')) : (int)$maxFileUploads;
+
+        $this->maxMultipartBodyParts = $this->maxInputVars + $this->maxFileUploads;
     }
 
     public function parse(ServerRequestInterface $request)
@@ -101,6 +111,7 @@ public function parse(ServerRequestInterface $request)
 
         $request = $this->request;
         $this->request = null;
+        $this->multipartBodyPartCount = 0;
         $this->postCount = 0;
         $this->filesCount = 0;
         $this->emptyCount = 0;
@@ -128,6 +139,10 @@ private function parseBody($boundary, $buffer)
             // parse one part and continue searching for next
             $this->parsePart(\substr($buffer, $start, $end - $start));
             $start = $end;
+
+            if (++$this->multipartBodyPartCount > $this->maxMultipartBodyParts) {
+                break;
+            }
         }
     }
 

tests/Io/MultipartParserTest.php

@@ -1026,4 +1026,29 @@ public function testPostMaxFileSizeIgnoredByFilesComingBeforeIt()
         $this->assertTrue(isset($files['file4']));
         $this->assertSame(UPLOAD_ERR_OK, $files['file4']->getError());
     }
-}
+
+    public function testWeOnlyParseTheAmountOfMultiPartChunksWeConfigured()
+    {
+        $boundary = "---------------------------12758086162038677464950549563";
+
+        $chunk = "--$boundary\r\n";
+        $chunk .= "Content-Disposition: form-data; name=\"f\"\r\n";
+        $chunk .= "\r\n";
+        $chunk .= "u\r\n";
+        $data = '';
+        for ($i = 0; $i < 5000000; $i++) {
+            $data .= $chunk;
+        }
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parser = new MultipartParser();
+        $startTime = microtime(true);
+        $parser->parse($request);
+        $runTime = microtime(true) - $startTime;
+        $this->assertLessThan(1, $runTime);
+    }
+}