multiparty - npm Package Compare versions

Comparing version 2.1.3 to 2.1.4

CHANGELOG.md

@@ -0,1 +1,5 @@
+### 2.1.4
+
+ * fix crash for invalid requests
+
 ### 2.1.3
@@ -2,0 +6,0 @@

index.js

@@ -156,7 +156,7 @@ exports.Form = Form;
         if (index === boundaryLength - 2) {
-          if (c !== CR) return cb(new Error("Expected CR Received " + c));
+          if (c !== CR) return error(self, new Error("Expected CR Received " + c));
           index++;
           break;
         } else if (index === boundaryLength - 1) {
-          if (c !== LF) return cb(new Error("Expected LF Received " + c));
+          if (c !== LF) return error(self, new Error("Expected LF Received " + c));
           index = 0;
@@ -189,3 +189,3 @@ self.onParsePartBegin();
             // empty header field
-            cb(new Error("Empty header field"));
+            error(self, new Error("Empty header field"));
             return;
@@ -201,3 +201,4 @@ }
         if (cl < A || cl > Z) {
-          cb(new Error("Expected alphabetic character, received " + c));
+          error(self, new Error("Expected alphabetic character, received " + c));
+          return;
         }
@@ -220,9 +221,9 @@ break;
       case HEADER_VALUE_ALMOST_DONE:
-        if (c !== LF) return cb(new Error("Expected LF Received " + c));
+        if (c !== LF) return error(self, new Error("Expected LF Received " + c));
         state = HEADER_FIELD_START;
         break;
       case HEADERS_ALMOST_DONE:
-        if (c !== LF) return cb(new Error("Expected LF Received " + c));
+        if (c !== LF) return error(self, new Error("Expected LF Received " + c));
         var err = self.onParseHeadersEnd(i + 1);
-        if (err) return cb(err);
+        if (err) return error(self, err);
         state = PART_DATA_START;
@@ -311,3 +312,4 @@ break;
       default:
-        cb(new Error("Parser has invalid state."));
+        error(self, new Error("Parser has invalid state."));
+        return;
     }
@@ -454,3 +456,3 @@ }
 function error(self, err) {
-  assert.ok(!self.error);
+  assert.ok(!self.error, err.stack);
   self.error = err;
@@ -457,0 +459,0 @@ self.emit('error', err);

package.json

 {
   "name": "multiparty",
-  "version": "2.1.3",
+  "version": "2.1.4",
   "description": "multipart/form-data parser which supports streaming",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3562087

increased by0.03%

Number of package files

52

increased by1.96%

Lines of code

1214

increased by2.88%

Worsened metrics

Number of medium supply chain risk alerts

12

increased by9.09%

No dependency changes