author | Dan Fandrich <dan@coneharvesters.com> | 2010-08-24 16:45:31 -0700 |
---|---|---|
committer | Dan Fandrich <dan@coneharvesters.com> | 2010-08-24 16:45:31 -0700 |
commit | 77ba147e762b4a0db33d712a5d6a8eeeb50011f4 (patch) | |
tree | b697c8c25ccf4231483e4ac0d6580d608593fba5 | |
parent | bed311eda27a3c7c87f0988310462414c54e5384 (diff) |
Fixed a NULL pointer dereference in form posting
It was introduced in commit eeb2cb05 along with the -F type=
change. Also fixed a typo in the name of the magic filename=
parameter. Tweaked tests 39 and 173 to better test this path.
-rw-r--r-- | src/main.c | 9 | ||||
-rw-r--r-- | tests/data/test173 | 13 | ||||
-rw-r--r-- | tests/data/test39 | 2 |
3 files changed, 18 insertions, 6 deletions
diff --git a/src/main.c b/src/main.c
index 093f6bed4..3734c94fd 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1210,8 +1210,13 @@ static int formparse(struct Configurable *config,
specified and if not we simply assume that it is text that the user wants included in the type and include that too up to the next zero or semicolon. */
- if((*sep==';') && !curlx_strnequal(";filname=", sep, 9))
- sep = strchr(sep+1, ';');
+ if((*sep==';') && !curlx_strnequal(";filename=", sep, 10)) {
+ sep2 = strchr(sep+1, ';');
+ if (sep2)
+ sep = sep2;
+ else
+ sep = sep+strlen(sep); /* point to end of string */
+ }
if(*sep) {
*sep=0; /* zero terminate type string */
diff --git a/tests/data/test173 b/tests/data/test173
index 203bed824..bf6af0007 100644
--- a/tests/data/test173
+++ b/tests/data/test173
@@ -1,4 +1,11 @@
<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+</keywords>
+</info>
+
# Server-side
<reply>
<data>
@@ -21,7 +28,7 @@ http
HTTP RFC1867-formpost a file from stdin with "faked" filename
</name>
<command>
-http://%HOSTIP:%HTTPPORT/we/want/173 -F field1=contents1 -F "fileupload=@-;filename=/dev/null"
+http://%HOSTIP:%HTTPPORT/we/want/173 -F field1=contents1 -F "fileupload=@-;filename=/dev/null;type=text/x-null;format=x-curl"
</command>
<stdin>
@@ -46,7 +53,7 @@ POST /we/want/173 HTTP/1.1
User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6
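Review bot: In the src/main.c hunk the literal `";filename="` and its length `10` are still kept in step by hand inside the same call, so the count has to be edited whenever the literal is; deriving it from the literal, e.g. `curlx_strnequal(";filename=", sep, strlen(";filename="))`, leaves one place to get wrong instead of two. The added block also advances past only one parameter, so a type carrying two parameters ahead of `;filename=` appears to be terminated at the second semicolon; the comment above suggests that is intended, but what the code after the hunk does with the remainder is not visible and is worth confirming. The new `if (sep2)` has a space after `if`, unlike the `if(` on the neighbouring lines. formparse begins and ends outside the hunk, and the declaration of `sep2` is not shown.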
Host: %HOSTIP:%HTTPPORT
Accept: */*
-Content-Length: 359
+Content-Length: 360
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------5dbea401cd8c
@@ -56,7 +63,7 @@ Content-Disposition: form-data; name="field1"
contents1
------------------------------5dbea401cd8c
Content-Disposition: form-data; name="fileupload"; filename="/dev/null"
-Content-Type: application/octet-stream
+Content-Type: text/x-null;format=x-curl
line1 line2
diff --git a/tests/data/test39 b/tests/data/test39
index 95df74b42..2c8da3364 100644
--- a/tests/data/test39
+++ b/tests/data/test39
@@ -26,7 +26,7 @@ http
HTTP RFC1867-type formposting with filename= and type=
</name>
<command>
-http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl --form-string "str1=@literal" --form-string "str2=<verbatim;type=xxx/yyy" -F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" -F file2=@log/test39.txt
+http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl --form-string "str1=@literal" --form-string "str2=<verbatim;type=xxx/yyy" -F "file=@log/test39.txt;type=moo/foobar;filename=fakerfile" -F file2=@log/test39.txt
</command>
# We create this file before the command is invoked!
<file name="log/test39.txt"> |