1 files changed, 26 insertions, 51 deletions

diff --git a/lib/formdata.c b/lib/formdata.c
index aa5a79ac1..cbef51171 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -21,6 +21,7 @@
  ***************************************************************************/
 
 #include "setup.h"
+
 #include <curl/curl.h>
 
 /* Length of the random boundary string. */
@@ -28,14 +29,10 @@
 
 #if !defined(CURL_DISABLE_HTTP) || defined(USE_SSLEAY)
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-#include <time.h>
 #if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME)
 #include <libgen.h>
 #endif
+
 #include "urldata.h" /* for struct SessionHandle */
 #include "formdata.h"
 #include "curl_rand.h"
@@ -462,7 +459,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
           if(current_form->flags & HTTPPOST_FILENAME) {
             if(filename) {
               if((current_form = AddFormInfo(strdup(filename),
-                                              NULL, current_form)) == NULL)
+                                             NULL, current_form)) == NULL)
                 return_value = CURL_FORMADD_MEMORY;
             }
             else
@@ -487,46 +484,18 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         break;
       }
 
-    case CURLFORM_BUFFER:
-      {
-        const char *filename = array_state?array_value:
-          va_arg(params, char *);
-
-        if(current_form->value) {
-          if(current_form->flags & HTTPPOST_BUFFER) {
-            if(filename) {
-              if((current_form = AddFormInfo(strdup(filename),
-                                              NULL, current_form)) == NULL)
-                return_value = CURL_FORMADD_MEMORY;
-            }
-            else
-              return_value = CURL_FORMADD_NULL;
-          }
-          else
-            return_value = CURL_FORMADD_OPTION_TWICE;
-        }
-        else {
-          if(filename) {
-            current_form->value = strdup(filename);
-            if(!current_form->value)
-              return_value = CURL_FORMADD_MEMORY;
-          }
-          else
-            return_value = CURL_FORMADD_NULL;
-          current_form->flags |= HTTPPOST_BUFFER;
-        }
-        break;
-      }
-
     case CURLFORM_BUFFERPTR:
-      current_form->flags |= HTTPPOST_PTRBUFFER;
+      current_form->flags |= HTTPPOST_PTRBUFFER|HTTPPOST_BUFFER;
       if(current_form->buffer)
         return_value = CURL_FORMADD_OPTION_TWICE;
       else {
         char *buffer =
           array_state?array_value:va_arg(params, char *);
-        if(buffer)
+        if(buffer) {
           current_form->buffer = buffer; /* store for the moment */
+          current_form->value = buffer; /* make it non-NULL to be accepted
+                                           as fine */
+        }
         else
           return_value = CURL_FORMADD_NULL;
       }
@@ -567,8 +536,8 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
           if(current_form->flags & HTTPPOST_FILENAME) {
             if(contenttype) {
               if((current_form = AddFormInfo(NULL,
-                                              strdup(contenttype),
-                                              current_form)) == NULL)
+                                             strdup(contenttype),
+                                             current_form)) == NULL)
                 return_value = CURL_FORMADD_MEMORY;
             }
             else
@@ -606,6 +575,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         break;
       }
     case CURLFORM_FILENAME:
+    case CURLFORM_BUFFER:
       {
         const char *filename = array_state?array_value:
           va_arg(params, char *);
@@ -622,6 +592,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
       }
     default:
       return_value = CURL_FORMADD_UNKNOWN_OPTION;
+      break;
     }
   }
 
@@ -884,10 +855,11 @@ int curl_formget(struct curl_httppost *form, void *arg,
 
       do {
         nread = readfromfile(&temp, buffer, sizeof(buffer));
-        if((nread == (size_t) -1) || (nread != append(arg, buffer, nread))) {
-          if(temp.fp) {
+        if((nread == (size_t) -1) ||
+           (nread > sizeof(buffer)) ||
+           (nread != append(arg, buffer, nread))) {
+          if(temp.fp)
             fclose(temp.fp);
-          }
           Curl_formclean(&data);
           return -1;
         }
@@ -925,7 +897,8 @@ void curl_formfree(struct curl_httppost *form)
 
     if(!(form->flags & HTTPPOST_PTRNAME) && form->name)
       free(form->name); /* free the name */
-    if(!(form->flags & (HTTPPOST_PTRCONTENTS|HTTPPOST_CALLBACK)) &&
+    if(!(form->flags &
+         (HTTPPOST_PTRCONTENTS|HTTPPOST_BUFFER|HTTPPOST_CALLBACK)) &&
        form->contents)
       free(form->contents); /* free the contents */
     if(form->contenttype)
@@ -1297,22 +1270,24 @@ int Curl_FormInit(struct Form *form, struct FormData *formdata )
   return 0;
 }
 
+/*
+ * readfromfile()
+ *
+ * The read callback that this function may use can return a value larger than
+ * 'size' (which then this function returns) that indicates a problem and it
+ * must be properly dealt with
+ */
 static size_t readfromfile(struct Form *form, char *buffer,
                            size_t size)
 {
   size_t nread;
-  bool callback = (bool)(form->data->type == FORM_CALLBACK);
+  bool callback = (form->data->type == FORM_CALLBACK)?TRUE:FALSE;
 
   if(callback) {
     if(form->fread_func == ZERO_NULL)
       return 0;
     else
       nread = form->fread_func(buffer, 1, size, form->data->line);
-
-    if(nread > size)
-      /* the read callback can return a value larger than the buffer but
-         treat any such as no data in this case */
-      nread = 0;
   }
   else {
     if(!form->fp) {