Potential fix for pull request finding

mathieucarbou · Copilot · web-flow · commit 27a7184fe89c · 2026-06-07T15:25:59.000+02:00
Co-authored-by: Copilot Autofix powered by AI &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/src/WebRequest.cpp b/src/WebRequest.cpp
@@ -514,13 +514,31 @@ bool AsyncWebServerRequest::_parseReqHeader() {
         // Extract the boundary value; strip any following parameters, optional
         // surrounding whitespace and quotes (RFC 2046 allows quoted-string).
         _boundary = value.substring(bpos + (int)T_BOUNDARY_LEN);
-        int semi = _boundary.indexOf(';');
-        if (semi >= 0) {
-          _boundary = _boundary.substring(0, semi);
-        }
-
         _boundary.trim();
-        _boundary.replace(String('"'), String());
+
+        if (_boundary.startsWith("\"")) {
+          int endQuote = 1;
+          while (true) {
+            endQuote = _boundary.indexOf('"', endQuote);
+            if (endQuote < 0 || _boundary.charAt(endQuote - 1) != '\\') {
+              break;
+            }
+            endQuote++;  // skip escaped quote
+          }
+          if (endQuote < 0) {
+            async_ws_log_d("Invalid multipart boundary (unterminated quote), aborting");
+            _parseState = PARSE_REQ_FAIL;
+            abort();
+            return true;
+          }
+          _boundary = _boundary.substring(1, endQuote);
+        } else {
+          int semi = _boundary.indexOf(';');
+          if (semi >= 0) {
+            _boundary = _boundary.substring(0, semi);
+          }
+          _boundary.trim();
+        }
 
         // CWE-190 / DoS fix: RFC 2046 §5.1 limits boundary strings to 70
         // characters.  _boundaryPosition was formerly uint8_t, so a boundary
