go: mime/multipart: TempFile file hangs around on disk after usage in multipart/formdata.go

Hey Go team,

I’d like to know if this is a bug or expected behavior. If it is a bug, I would like to write a patch to fix it.

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (`go version`)?

go version go1.8 linux/amd64

What operating system and processor architecture are you using (`go env`)?

GOOS=“linux” GOARCH=“amd64”

What did you do?

When uploading a file to a Go HTTP server, the call to req.ParseMultipartForm() subsequently calls readForm() and if the file size exceeds the maxMemory setting it creates a file on disk using the ioutil.TempFile() func, but the resulting file is never removed by the Go program. Unix behavior aside, based on the documentation for ioutil.TempFile(), the caller should remove the file once it is done using it. The file is only ever removed from the Go program if the io.Copy returns a non-nil error.

If possible, provide a recipe for reproducing the error. A complete runnable program is good.

I would need to show a lot of code to demonstrate this, but you can see in the Go src here how the file is never removed: https://github.com/golang/go/blob/master/src/mime/multipart/formdata.go#L78

A link on play.golang.org is best.

What did you expect to see?

I expect that the temp file is removed after the file is copied to it’s designated location on disk.

What did you see instead?

my /tmp directory is littered with multipart-XXXXXXXX files

About this issue

Original URL
State: closed
Created 7 years ago
Reactions: 4
Comments: 20 (6 by maintainers)

Commits related to this issue

Add multipart temporary files deletion after request processing, see https://github.com/golang/go/issues/20253 — committed to qb0C80aE/clay by qb0C80aE 6 years ago
Take extra care to not leave tmp files behind on uploads See https://github.com/golang/go/issues/20253 for more context. — committed to artyom/notes-server by artyom 3 years ago
http2: delete multipart form tempfiles after ServeHTTP returns Do the same post-handler cleanup as the HTTP/1 server does. No test here; test for HTTP/1 and HTTP/2 in CL 423194. For golang/go#20253.... — committed to golang/net by neild 2 years ago
net/http: add a test to verify form tempfiles are deleted The HTTP/1 server deletes multipart form tempfiles after ServeHTTP returns, but the HTTP/2 server does not. Add a test to verify cleanup happ... — committed to golang/go by neild 2 years ago
http2: delete multipart form tempfiles after ServeHTTP returns Do the same post-handler cleanup as the HTTP/1 server does. No test here; test for HTTP/1 and HTTP/2 in CL 423194. For golang/go#20253.... — committed to WeiminShang/net by WeiminShang 2 years ago

Most upvoted comments

If this won’t be fully fixed in 1.10, how about mentioning the need to call RemoveAll in the documentation for ParseMultipartForm?

lpar on Aug 14, 2018

That’s ok, I’ll leave it to you if you have started. We have a workaround for now.

kennygrant on Nov 3, 2017

@neild is a backport of https://go.dev/cl/423055 planned?

No, this doesn’t meet the backport criteria: It isn’t a security issue and there is a workaround (call r.MultipartForm.RemoveAll manually).

Thanks for reminding me that this issue can be closed with https://go.dev/cl/423055 submitted, since it’ll be fixed in 1.20.

neild on Aug 26, 2022

I’m no expert but you should be able to remove files without closing them?

...
file, _, err := r.FormFile("file")
if err != nil {
	return err
}
defer file.Close()
...

Leaves no “multipart*” files behind.

dvdscripter on Aug 21, 2018