From 3d31d4526fa4d4e4f59b89cabe194fb671063cdb Mon Sep 17 00:00:00 2001
From: Feross Aboukhadijeh
Date: Tue, 19 Jan 2016 04:54:24 +0100
Subject: [PATCH 1/2] Fix remote memory disclosure in multipart attachments
---
 lib/multipart.js | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/multipart.js b/lib/multipart.js
index 03618588c..c12817261 100644
--- a/lib/multipart.js
+++ b/lib/multipart.js
@@ -68,6 +68,9 @@ Multipart.prototype.build = function (parts, chunked) {
 var body = chunked ? new CombinedStream() : []
 function add (part) {
+ if (typeof part === 'number') {
+ part = part.toString()
+ }
 return chunked ? body.append(part) : body.push(new Buffer(part))
 }
From 8e98a6e358dd87966df022542fc3354547465876 Mon Sep 17 00:00:00 2001
From: simov
Date: Wed, 20 Jan 2016 09:28:31 +0200
Subject: [PATCH 2/2] Test converting of numeric multipart bodies to string
---
 tests/test-multipart.js | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/tests/test-multipart.js b/tests/test-multipart.js
index 255852b70..4afb87895 100644
--- a/tests/test-multipart.js
+++ b/tests/test-multipart.js
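Review bot: The guard added to `add` in lib/multipart.js excludes one type, but the next line still passes `part` to the polymorphic `new Buffer(part)` constructor, and nothing in the code records why a number is dangerous there. A comment such as `// new Buffer(<number>) allocates that many bytes without zero-filling on older Node, so a numeric body must be stringified before it is buffered` would keep a later cleanup from removing the check. An explicit allow-list would be more robust than excluding a single type: pass strings and Buffers through and stringify or reject everything else. Where the runtime provides it, `Buffer.from(part)` throws on a number instead of allocating. `Multipart.prototype.build` starts and ends outside the hunk, so how part bodies reach `add` is not visible here.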
@@ -41,20 +41,24 @@ function runTest(t, a) {
 req.on('end', function() {
 // check for the fields traces
- // 1st field : my_field
+ // my_field
 t.ok(data.indexOf('name: my_field') !== -1)
 t.ok(data.indexOf(multipartData[0].body) !== -1)
+
+ // my_number
+ t.ok(data.indexOf('name: my_number') !== -1)
+ t.ok(data.indexOf(multipartData[1].body) !== -1)
- // 2nd field : my_buffer
+ // my_buffer
 t.ok(data.indexOf('name: my_buffer') !== -1)
- t.ok(data.indexOf(multipartData[1].body) !== -1)
+ t.ok(data.indexOf(multipartData[2].body) !== -1)
- // 3rd field : my_file
+ // my_file
 t.ok(data.indexOf('name: my_file') !== -1)
 // check for unicycle.jpg traces
 t.ok(data.indexOf('2005:06:21 01:44:12') !== -1)
- // 4th field : remote_file
+ // remote_file
 t.ok(data.indexOf('name: remote_file') !== -1)
 // check for http://localhost:6767/file traces
 t.ok(data.indexOf('Photoshop ICC') !== -1)
@@ -73,6 +77,7 @@ function runTest(t, a) {
 // @NOTE: multipartData properties must be set here so that my_file read stream does not leak in node v0.8
 multipartData = [
 {name: 'my_field', body: 'my_value'},
+ {name: 'my_number', body: 1000},
 {name: 'my_buffer', body: new Buffer([1, 2, 3])},
 {name: 'my_file', body: fs.createReadStream(localFile)},
 {name: 'remote_file', body: request('http://localhost:6767/file')}
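Review bot: The new `my_number` check in the first hunk of tests/test-multipart.js, `t.ok(data.indexOf(multipartData[1].body) !== -1)`, passes the number 1000 to `indexOf` and relies on implicit coercion, so the regression it guards is not stated anywhere in the test. Writing it as `t.ok(data.indexOf(String(multipartData[1].body)) !== -1)` with a comment like `// numeric bodies must be sent as their decimal string, never used as a Buffer size` would make the intent explicit. The assertion also proves only that the digits occur somewhere in `data`. An exact check on the part's content or length would fail deterministically if the conversion were removed, though how `data` is collected is outside this hunk. `runTest` begins and ends outside the hunk.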