From 7ee9b04057d9e487133bd4e3243a27402509747c Mon Sep 17 00:00:00 2001
From: hdliu
Date: Sun, 17 Aug 2025 03:00:38 +0800
Subject: [PATCH] Fix CVE-2025-7783
Signed-off-by: hdliu
---
 0001-Fix-CVE-2025-7783.patch | 180 +++++++++++++++++++++++++++++++++++
 nodejs-form-data.spec | 9 +-
 2 files changed, 188 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-CVE-2025-7783.patch
diff --git a/0001-Fix-CVE-2025-7783.patch b/0001-Fix-CVE-2025-7783.patch
new file mode 100644
index 0000000..525f9ad
--- /dev/null
+++ b/0001-Fix-CVE-2025-7783.patch
@@ -0,0 +1,180 @@
+From 4f8db3250b356bb56c2f657e0c6c23fe6fae31fd Mon Sep 17 00:00:00 2001
+From: hdliu
+Date: Sun, 17 Aug 2025 02:38:39 +0800
+Subject: [PATCH] [Fix] Switch to using crypto random for boundary values
+
+Signed-off-by: hdliu
+---
+ lib/form_data.js | 8 +--
+ package.json | 67 ++++++++++----------
+ test/integration/test-boundary-prediction.js | 57 +++++++++++++++++
+ 3 files changed, 94 insertions(+), 38 deletions(-)
+ create mode 100644 test/integration/test-boundary-prediction.js
+
+diff --git a/lib/form_data.js b/lib/form_data.js
+index 5b33f55..a089485 100644
+--- a/lib/form_data.js
++++ b/lib/form_data.js
+@@ -5,6 +5,7 @@ var http = require('http');
+ var https = require('https');
+ var parseUrl = require('url').parse;
+ var fs = require('fs');
++var crypto = require('crypto');
+ var mime = require('mime-types');
+ var async = require('async');
+
+@@ -217,12 +218,7 @@ FormData.prototype.getBoundary = function() {
+ FormData.prototype._generateBoundary = function() {
+ // This generates a 50 character boundary similar to those used by Firefox.
+ // They are optimized for boyer-moore parsing.
+- var boundary = '--------------------------';
+- for (var i = 0; i < 24; i++) {
+- boundary += Math.floor(Math.random() * 10).toString(16);
+- }
+-
+- this._boundary = boundary;
++ this._boundary = '--------------------------' + crypto.randomBytes(12).toString('hex');
+ };
+
+ // Note: getLengthSync DOESN'T calculate streams length
+diff --git a/package.json b/package.json
+index 9ec870f..9c18aaa 100644
+--- a/package.json
++++ b/package.json
+@@ -1,34 +1,37 @@
+ {
+- "author": "Felix Geisend\u00f6rfer (http://debuggable.com/)",
+- "name": "form-data",
+- "description": "A module to create readable \"multipart/form-data\" streams. 
Can be used to submit forms and file uploads to other web applications.",
+- "version": "0.2.0",
+- "repository": {
+- "type": "git",
+- "url": "git://github.com/felixge/node-form-data.git"
+- },
+- "main": "./lib/form_data",
+- "scripts": {
+- "test": "node test/run.js"
+- },
+- "engines": {
+- "node": ">= 0.8"
+- },
+- "dependencies": {
+- "async": "^1.5.0",
+- "combined-stream": "^1.0.5",
+- "mime-types": "^2.1.7"
+- },
+- "licenses": [
+- {
+- "type": "MIT",
+- "url": "https://raw.github.com/felixge/node-form-data/master/License"
+- }
+- ],
+- "devDependencies": {
+- "fake": "~0.2.2",
+- "far": "~0.0.7",
+- "formidable": "~1.0.14",
+- "request": "~2.36.0"
++ "author": "Felix Geisendörfer (http://debuggable.com/)",
++ "name": "form-data",
++ "description": "A module to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.",
++ "version": "0.2.0",
++ "repository": {
++ "type": "git",
++ "url": "git://github.com/felixge/node-form-data.git"
++ },
++ "main": "./lib/form_data",
++ "scripts": {
++ "test": "node test/run.js"
++ },
++ "engines": {
++ "node": ">= 0.8"
++ },
++ "dependencies": {
++ "async": "~0.9.0",
++ "combined-stream": "~0.0.4",
++ "mime-types": "~2.0.3"
++ },
++ "licenses": [
++ {
++ "type": "MIT",
++ "url": "https://raw.github.com/felixge/node-form-data/master/License"
+ }
+-}
+\ No newline at end of file
++ ],
++ "devDependencies": {
++ "fake": "~0.2.2",
++ "far": "~0.0.7",
++ "formidable": "~1.0.14",
++ "pre-commit": "^1.2.2",
++ "predict-v8-randomness": "^1.0.35",
++ "puppeteer": "^1.20.0",
++ "request": "~2.36.0"
++ }
++}
+diff --git a/test/integration/test-boundary-prediction.js b/test/integration/test-boundary-prediction.js
+new file mode 100644
+index 0000000..a46674b
+--- /dev/null
++++ b/test/integration/test-boundary-prediction.js
+@@ -0,0 +1,57 @@
++var common = require('../common');
++var assert = common.assert;
++var FormData = require(common.dir.lib + '/form_data');
++var predictV8Randomness = require('predict-v8-randomness');
++
++var initialSequence = [
++ Math.random(),
++ Math.random(),
++ Math.random(),
++ Math.random(),
++];
++
++var predictor = new predictV8Randomness.Predictor(initialSequence);
++
++predictor.predictNext(24).then(function (next24RandomOutputs) {
++ var predictedBoundary = next24RandomOutputs
++ .map(function (v) {
++ return Math.floor(v * 10).toString(16);
++ })
++ .join('');
++ var boundaryIntro = '----------------------------';
++
++ var payload =
++ 'zzz\r\n' +
++ boundaryIntro +
++ predictedBoundary +
++ '\r\nContent-Disposition: form-data; name="is_admin"\r\n\r\ntrue\r\n' +
++ boundaryIntro +
++ predictedBoundary +
++ '--\r\n';
++
++ var FIELDS = {
++ my_field: {
++ value: payload,
++ },
++ };
++
++ // count total
++ var fieldsPassed = Object.keys(FIELDS).length;
++
++ // prepare form-receiving http server
++ var server = common.testFields(FIELDS, function (fields) {
++ fieldsPassed = fields;
++ });
++
++ server.listen(common.port, function () {
++ var form = new FormData();
++
++ common.actions.populateFields(form, FIELDS);
++
++ common.actions.submit(form, server);
++ });
++
++ process.on('exit', function () {
++ assert.strictEqual(fieldsPassed, 0);
++ });
++});
+--
+2.33.0
+
diff --git a/nodejs-form-data.spec b/nodejs-form-data.spec
index 28f0e01..d5561c3 100644
--- a/nodejs-form-data.spec
+++ b/nodejs-form-data.spec
@@ -2,7 +2,7 @@
 %global enable_tests 0
 Name: nodejs-form-data
 Version: 0.2.0
-Release: 1
+Release: 2
 Summary: A module to create readable "multipart/form-data" streams
 License: MIT
 URL: https://github.com/form-data/form-data
@@ -10,6 +10,9 @@ Source0: https://github.com/form-data/form-data/archive/0.2/form-dat
 BuildArch: noarch
 ExclusiveArch: %{nodejs_arches} noarch
 ExclusiveArch: %{ix86} x86_64 %{arm} noarch
+
+Patch0: 0001-Fix-CVE-2025-7783.patch
+
 BuildRequires: nodejs-packaging
 BuildRequires: npm(async) npm(combined-stream) npm(mime-types)
 %if 0%{?enable_tests}
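Review bot: The package.json hunk carried inside 0001-Fix-CVE-2025-7783.patch goes far beyond the CVE fix: it rewrites every line of the file, lowers the runtime ranges from `"async": "^1.5.0"`, `"combined-stream": "^1.0.5"`, `"mime-types": "^2.1.7"` to `~0.9.0`, `~0.0.4`, `~2.0.3`, and adds devDependencies (`pre-commit`, `predict-v8-randomness`, `puppeteer`) that the visible BuildRequires do not provide. The built package only escapes the downgraded ranges because the spec's `%nodejs_fixdep` lines happen to run after `%patch0`, which is an easy coupling to break in a later spec edit. The actual fix is the `require('crypto')` line plus the one-line `_generateBoundary` body in lib/form_data.js, whose `crypto.randomBytes(12).toString('hex')` keeps the 50-character boundary length the comment above it promises, so the backport can be trimmed to that hunk (and, if wanted, the new test) with the package.json hunk dropped. The new test also imports `predict-v8-randomness`, so with `enable_tests 0` it is dead code in this build; if it is kept, a one-line comment in the spec next to `Patch0:` saying the test is not exercised would help the next maintainer.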
@@ -21,6 +24,7 @@ submit forms and file uploads to other web applications.
 %prep
 %setup -q -n form-data-0.2
+%patch0 -p1
 %nodejs_fixdep async "^1.5.0"
 %nodejs_fixdep mime-types "^2.1.7"
 %nodejs_fixdep combined-stream "^1.0.5"
@@ -44,5 +48,8 @@ cp -pr package.json lib %{buildroot}%{nodejs_sitelib}/form-data
 %{nodejs_sitelib}/form-data
 %changelog
+* Tue Aug 19 2025 hdliu - 0.2.0-2
+- Fix CVE-2025-7783
+
 * Thu Aug 20 2020 Anan Fu - 0.2.0-1
 - package init
-- Gitee
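Review bot: `%patch0 -p1` uses the numbered `%patchN` form, which rpm 4.19 and later report as deprecated; if the target distribution ships that rpm, `%patch -P0 -p1` (or `%autosetup -p1` in place of `%setup`) avoids the warning and matches current packaging guidance. The placement itself is correct: it is applied before the `%nodejs_fixdep` lines, which is what keeps the dependency ranges the package.json hunk in the patch would otherwise lower.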