From 0aedccc18a33a7785350d8d622ef273c727690cf Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 13 Jun 2011 22:32:00 +0200
Subject: [PATCH] curl_formget: fix FILE * leak

Properly deal with the fact that the last fread() call most probably is
a short read, and when using callbacks in fact all calls can be short
reads. No longer consider a file read done until it returns a 0 from the
read function.

Reported by: Aaron Orenstein
Bug: http://curl.haxx.se/mail/lib-2011-06/0048.html
---
 lib/formdata.c        | 11 ++++++++---
 tests/data/test1308   |  3 +++
 tests/unit/unit1308.c | 17 +++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/lib/formdata.c b/lib/formdata.c
index 49e795453..5419371de 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -891,7 +891,7 @@ int curl_formget(struct curl_httppost *form, void *arg,
           Curl_formclean(&data);
           return -1;
         }
-      } while(nread == sizeof(buffer));
+      } while(nread);
     }
     else {
       if(ptr->length != append(arg, ptr->line, ptr->length)) {
@@ -1306,6 +1306,11 @@ static size_t readfromfile(struct Form *form, char *buffer,
       return 0;
     else
       nread = form->fread_func(buffer, 1, size, form->data->line);
+
+    if(nread > size)
+      /* the read callback can return a value larger than the buffer but
+         treat any such as no data in this case */
+      nread = 0;
   }
   else {
     if(!form->fp) {
@@ -1316,9 +1321,9 @@ static size_t readfromfile(struct Form *form, char *buffer,
     }
     nread = fread(buffer, 1, size, form->fp);
   }
-  if(!nread || nread > size) {
+  if(!nread) {
     /* this is the last chunk from the file, move on */
-    if(!callback) {
+    if(form->fp) {
       fclose(form->fp);
       form->fp = NULL;
     }
diff --git a/tests/data/test1308 b/tests/data/test1308
index fe7509688..88e9771dd 100644
--- a/tests/data/test1308
+++ b/tests/data/test1308
@@ -23,6 +23,9 @@ formpost unit tests
 <tool>
 unit1308
 </tool>
+<file name="log/test-1308">
+Piece of the file that is to uploaded as a formpost
+</file>
 </client>
 
 </testcase>
diff --git a/tests/unit/unit1308.c b/tests/unit/unit1308.c
index 6b2ab0da6..80e6c57b0 100644
--- a/tests/unit/unit1308.c
+++ b/tests/unit/unit1308.c
@@ -75,4 +75,21 @@ UNITTEST_START
 
   curl_formfree(post);
 
+  /* start a new formpost with a file upload and formget */
+  post = last = NULL;
+
+  rc = curl_formadd(&post, &last,
+                    CURLFORM_PTRNAME, "name of file field",
+                    CURLFORM_FILE, "log/test-1308",
+                    CURLFORM_FILENAME, "custom named file",
+                    CURLFORM_END);
+
+  fail_unless(rc == 0, "curl_formadd returned error");
+
+  rc = curl_formget(post, &total_size, print_httppost_callback);
+  fail_unless(rc == 0, "curl_formget returned error");
+  fail_unless(total_size == 847, "curl_formget got wrong size back");
+
+  curl_formfree(post);
+
 UNITTEST_STOP