Merge commit from fork

* fix: validate `form` file information to prevent amplification attacks

* meh

Author: elliott-with-the-longest-name-on-github

.changeset/chubby-clouds-search.md

@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+fix: validate `form` file information to prevent amplification attacks

packages/kit/src/runtime/form-utils.js

@@ -269,6 +269,15 @@ export async function deserialize_binary_form(request) {
 
 	const [data, meta] = devalue.parse(text_decoder.decode(data_buffer), {
 		File: ([name, type, size, last_modified, index]) => {
+			if (
+				typeof name !== 'string' ||
+				typeof type !== 'string' ||
+				typeof size !== 'number' ||
+				typeof last_modified !== 'number' ||
+				typeof index !== 'number'
+			) {
+				throw deserialize_error('invalid file metadata');
+			}
 			if (files_start_offset + file_offsets[index] + size > content_length) {
 				throw deserialize_error('file data overflow');
 			}

packages/kit/src/runtime/form-utils.spec.js

@@ -383,6 +383,85 @@ describe('binary form serializer', () => {
 		}
 	});
 
+	test('rejects type confusion attack on file metadata', async () => {
+		// Reproduces the attack from the vulnerability report: a crafted devalue payload
+		// where File metadata contains nested arrays referencing a BigInt(1e308) instead
+		// of primitive values. Without validation, arithmetic on `size` triggers recursive
+		// array-to-string coercion causing CPU exhaustion.
+		//
+		// Uses the same payload structure as the original POC but with repeats=2
+		// (enough to prove the fix, without risk of stalling if it regresses).
+		const repeats = 2;
+
+		const data = JSON.stringify([
+			// Index 0: root array referencing File proxy objects at indices 10, 11
+			[...Array(repeats)].map((_, i) => 10 + i),
+			// Index 1: holey array [, , size] — devalue HOLE (-2) creates sparse entries
+			// so the File reviver gets [undefined, undefined, <nested arrays>]
+			[-2, -2, 2],
+			// Indices 2–8: cascade of arrays referencing each other, amplifying traversal
+			[3, 3, 3, 3, 3, 3, 3],
+			[4, 4, 4, 4, 4, 4, 4],
+			[5, 5, 5, 5, 5, 5, 5, 5],
+			[6, 6, 6, 6, 6, 6, 6, 6],
+			[7, 7, 7, 7, 7, 7, 7, 7],
+			[8, 8, 8, 8, 8, 8, 8, 8],
+			[9, 9, 9, 9, 9, 9, 9, 9],
+			// Index 9: BigInt(1e308) — a 309-digit number, expensive to coerce to string
+			['BigInt', 1e308],
+			// Indices 10+: File objects referencing the holey array at index 1
+			...Array(repeats).fill(['File', 1])
+		]);
+
+		const file_offsets = JSON.stringify([0]);
+		const data_buf = text_encoder.encode(data);
+		const offsets_buf = text_encoder.encode(file_offsets);
+		const total = 7 + data_buf.length + offsets_buf.length;
+		const body = new Uint8Array(total);
+		const view = new DataView(body.buffer);
+		body[0] = 0;
+		view.setUint32(1, data_buf.length, true);
+		view.setUint16(5, offsets_buf.length, true);
+		body.set(data_buf, 7);
+		body.set(offsets_buf, 7 + data_buf.length);
+
+		await expect(
+			deserialize_binary_form(
+				new Request('http://test', {
+					method: 'POST',
+					body,
+					headers: {
+						'Content-Type': BINARY_FORM_CONTENT_TYPE,
+						'Content-Length': total.toString()
+					}
+				})
+			)
+		).rejects.toThrow('invalid file metadata');
+	}, 1000);
+
+	test.each([
+		{
+			name: 'name is a number instead of string',
+			payload: '[[1,3],{"file":2},["File",4],{},[5,6,7,8,9],123,"text/plain",0,0,0]'
+		},
+		{
+			name: 'size is an array instead of number',
+			payload: '[[1,3],{"file":2},["File",4],{},[5,6,7,8,9],"a.txt","text/plain",[10,10,10],0,0,1]'
+		},
+		{
+			name: 'last_modified is a string instead of number',
+			payload: '[[1,3],{"file":2},["File",4],{},[5,6,7,8,9],"a.txt","text/plain",0,"bad",0]'
+		},
+		{
+			name: 'sparse/holey array (fields are undefined)',
+			payload: '[[1,3],{"file":2},["File",4],{},[-2,-2,7],"a.txt","text/plain",0]'
+		}
+	])('rejects invalid file metadata: $name', async ({ payload }) => {
+		await expect(deserialize_binary_form(build_raw_request(payload))).rejects.toThrow(
+			'invalid file metadata'
+		);
+	});
+
 	test('rejects memory amplification attack via nested array in file offset table', async () => {
 		// A crafted file offset table
 		// containing a nested array like [[1e20,1e20,...,1e20]]. When file_offsets[0] is
@@ -443,9 +522,14 @@ describe('binary form serializer', () => {
 			offsets: '["0", "1"]'
 		}
 	])('rejects invalid file offset table: $name', async ({ offsets }) => {
-		await expect(deserialize_binary_form(build_raw_request_with_offsets(offsets))).rejects.toThrow(
-			'invalid file offset table'
-		);
+		await expect(
+			deserialize_binary_form(
+				build_raw_request(
+					'[[1,3],{"file":2},["File",4],{},[5,6,7,8,9],"a.txt","text/plain",0,0,0]',
+					offsets
+				)
+			)
+		).rejects.toThrow('invalid file offset table');
 	});
 
 	// Regression test for https://github.com/sveltejs/kit/issues/14971
@@ -479,11 +563,11 @@ describe('binary form serializer', () => {
 	});
 
 	/**
-	 * Build a binary form request with a raw devalue payload and custom file offsets JSON.
+	 * Build a binary form request with a raw devalue payload.
+	 * @param {string} devalue_data
 	 * @param {string} file_offsets_json
 	 */
-	function build_raw_request_with_offsets(file_offsets_json) {
-		const devalue_data = '[[1,3],{"file":2},["File",4],{},[5,6,7,8,9],"a.txt","text/plain",0,0,0]';
+	function build_raw_request(devalue_data, file_offsets_json = '[0]') {
 		const data_buf = text_encoder.encode(devalue_data);
 		const offsets_buf = text_encoder.encode(file_offsets_json);
 		const total = 7 + data_buf.length + offsets_buf.length + 1; // +1 for a fake file byte