aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Fandrich <dan@coneharvesters.com>2010-08-24 16:45:31 -0700
committerDan Fandrich <dan@coneharvesters.com>2010-08-24 16:45:31 -0700
commit77ba147e762b4a0db33d712a5d6a8eeeb50011f4 (patch)
treeb697c8c25ccf4231483e4ac0d6580d608593fba5
parentbed311eda27a3c7c87f0988310462414c54e5384 (diff)
Fixed a NULL pointer dereference in form posting
It was introduced in commit eeb2cb05 along with the -F type= change. Also fixed a typo in the name of the magic filename= parameter. Tweaked tests 39 and 173 to better test this path.
-rw-r--r--src/main.c9
-rw-r--r--tests/data/test17313
-rw-r--r--tests/data/test392
3 files changed, 18 insertions, 6 deletions
diff --git a/src/main.c b/src/main.c
index 093f6bed4..3734c94fd 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1210,8 +1210,13 @@ static int formparse(struct Configurable *config,
specified and if not we simply assume that it is text that
the user wants included in the type and include that too up
to the next zero or semicolon. */
- if((*sep==';') && !curlx_strnequal(";filname=", sep, 9))
- sep = strchr(sep+1, ';');
+ if((*sep==';') && !curlx_strnequal(";filename=", sep, 10)) {
+ sep2 = strchr(sep+1, ';');
+ if (sep2)
+ sep = sep2;
+ else
+ sep = sep+strlen(sep); /* point to end of string */
+ }
if(*sep) {
*sep=0; /* zero terminate type string */
diff --git a/tests/data/test173 b/tests/data/test173
index 203bed824..bf6af0007 100644
--- a/tests/data/test173
+++ b/tests/data/test173
@@ -1,4 +1,11 @@
<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+</keywords>
+</info>
+
# Server-side
<reply>
<data>
@@ -21,7 +28,7 @@ http
HTTP RFC1867-formpost a file from stdin with "faked" filename
</name>
<command>
-http://%HOSTIP:%HTTPPORT/we/want/173 -F field1=contents1 -F "fileupload=@-;filename=/dev/null"
+http://%HOSTIP:%HTTPPORT/we/want/173 -F field1=contents1 -F "fileupload=@-;filename=/dev/null;type=text/x-null;format=x-curl"
</command>
<stdin>
@@ -46,7 +53,7 @@ POST /we/want/173 HTTP/1.1
User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6
Host: %HOSTIP:%HTTPPORT
Accept: */*
-Content-Length: 359
+Content-Length: 360
Expect: 100-continue
Content-Type: multipart/form-data; boundary=----------------------------5dbea401cd8c
@@ -56,7 +63,7 @@ Content-Disposition: form-data; name="field1"
contents1
------------------------------5dbea401cd8c
Content-Disposition: form-data; name="fileupload"; filename="/dev/null"
-Content-Type: application/octet-stream
+Content-Type: text/x-null;format=x-curl
line1
line2
diff --git a/tests/data/test39 b/tests/data/test39
index 95df74b42..2c8da3364 100644
--- a/tests/data/test39
+++ b/tests/data/test39
@@ -26,7 +26,7 @@ http
HTTP RFC1867-type formposting with filename= and type=
</name>
<command>
-http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl --form-string "str1=@literal" --form-string "str2=<verbatim;type=xxx/yyy" -F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" -F file2=@log/test39.txt
+http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl --form-string "str1=@literal" --form-string "str2=<verbatim;type=xxx/yyy" -F "file=@log/test39.txt;type=moo/foobar;filename=fakerfile" -F file2=@log/test39.txt
</command>
# We create this file before the command is invoked!
<file name="log/test39.txt">