diff options
| -rw-r--r-- | lib/formdata.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/lib/formdata.c b/lib/formdata.c index 5e961440a..46dd454fa 100644 --- a/lib/formdata.c +++ b/lib/formdata.c @@ -128,11 +128,8 @@ Content-Disposition: form-data; name="FILECONTENT" #include "memdebug.h" #endif -/* Length of the random boundary string. The risk of this being used - in binary data is very close to zero, 64^32 makes - 6277101735386680763835789423207666416102355444464034512896 - combinations... */ -#define BOUNDARY_LENGTH 32 +/* Length of the random boundary string. */ +#define BOUNDARY_LENGTH 40 /* What kind of Content-Type to use on un-specified files with unrecognized extensions. */ @@ -1049,22 +1046,23 @@ char *Curl_FormBoundary(void) the same form won't be identical */ int i; - static char table62[]= - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; + static char table16[]="abcdef0123456789"; - retstring = (char *)malloc(BOUNDARY_LENGTH); + retstring = (char *)malloc(BOUNDARY_LENGTH+1); if(!retstring) return NULL; /* failed */ srand(time(NULL)+randomizer++); /* seed */ - strcpy(retstring, "curl"); /* bonus commercials 8*) */ + strcpy(retstring, "----------------------------"); - for(i=4; i<(BOUNDARY_LENGTH-1); i++) { - retstring[i] = table62[rand()%62]; - } - retstring[BOUNDARY_LENGTH-1]=0; /* zero terminate */ + for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++) + retstring[i] = table16[rand()%16]; + + /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416) + combinations */ + retstring[BOUNDARY_LENGTH]=0; /* zero terminate */ return retstring; } |