🥅 improve error handling

Author: ctcpip

lib/make-middleware.js

@@ -101,6 +101,15 @@ function makeMiddleware (setup) {
 
     // handle files
     busboy.on('file', function (fieldname, fileStream, { filename, encoding, mimeType }) {
+      var pendingWritesIncremented = false
+
+      fileStream.on('error', function (err) {
+        if (pendingWritesIncremented) {
+          pendingWrites.decrement()
+        }
+        abortWithError(err)
+      })
+
       if (fieldname == null) return abortWithCode('MISSING_FIELD_NAME')
 
       // don't attach to the files object, if there is no file
@@ -132,6 +141,7 @@ function makeMiddleware (setup) {
         }
 
         var aborting = false
+        pendingWritesIncremented = true
         pendingWrites.increment()
 
         Object.defineProperty(file, 'stream', {
@@ -140,11 +150,6 @@ function makeMiddleware (setup) {
           value: fileStream
         })
 
-        fileStream.on('error', function (err) {
-          pendingWrites.decrement()
-          abortWithError(err)
-        })
-
         fileStream.on('limit', function () {
           aborting = true
           abortWithCode('LIMIT_FILE_SIZE', fieldname)

test/express-integration.js

@@ -196,4 +196,46 @@ describe('Express Integration', function () {
     req.write(body)
     req.end()
   })
+
+  it('should not crash on malformed multipart body with bad boundary', function (done) {
+    var upload = multer()
+
+    app.post('/upload3', upload.single('image'), function (req, res) {
+      res.status(500).end('Request should not be processed')
+    })
+
+    app.use(function (err, req, res, next) {
+      assert.strictEqual(err.message, 'Unexpected end of form')
+      res.status(200).end('Correct error')
+    })
+
+    var boundary = '----FormBoundary'
+    var body = [
+      '------FormBoundary',
+      'Content-Disposition: form-data; name="image"; filename=""',
+      'Content-Type: application/octet-stream',
+      '',
+      '', // empty content
+      '------FormBoundar' // intentionally malformed final boundary (missing 'y')
+    ].join('\r\n')
+
+    var options = {
+      hostname: 'localhost',
+      port,
+      path: '/upload3',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'multipart/form-data; boundary=' + boundary,
+        'Content-Length': Buffer.byteLength(body)
+      }
+    }
+
+    var req = http.request(options, (res) => {
+      assert.strictEqual(res.statusCode, 200)
+      done()
+    })
+
+    req.write(body)
+    req.end()
+  })
 })