moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

formadd: wrong pointer for file name when CURLFORM_BUFFERPTR used

Browse Source 
The internal function that's used to detect known file extensions for
the default Content-Type got the the wrong pointer passed in when
CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that
strlen() would be used which could lead to an out-of-bounds read (and
thus segfault). In most cases it would only lead to it not finding or
using the correct default content-type.

It also showed that test 554 and test 587 were testing for the
previous/wrong behavior and now they're updated as well.

Bug: http://curl.haxx.se/bug/view.cgi?id=1262
Reported-by: Konstantin Isakov
This commit is contained in:
Daniel Stenberg 2013-08-04 23:27:27 +02:00
parent 51f0b798fa
commit 0ddc678927
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/formdata.c
View File

@ -168,8 +168,8 @@ static FormInfo * AddFormInfo(char *value,
* Returns some valid contenttype for filename. * Returns some valid contenttype for filename.
* *
***************************************************************************/ ***************************************************************************/
static const char * ContentTypeForFilename (const char *filename, static const char *ContentTypeForFilename(const char *filename,
const char *prevtype) const char *prevtype)
{ {
const char *contenttype = NULL; const char *contenttype = NULL;
unsigned int i; unsigned int i;
@ -178,7 +178,7 @@ static const char * ContentTypeForFilename (const char *filename,
* extensions and pick the first we match! * extensions and pick the first we match!
*/ */
struct ContentType { struct ContentType {
char extension[6]; const char *extension;
const char *type; const char *type;
}; };
static const struct ContentType ctts[]={ static const struct ContentType ctts[]={
@ -667,9 +667,11 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
if(((form->flags & HTTPPOST_FILENAME) || if(((form->flags & HTTPPOST_FILENAME) ||
(form->flags & HTTPPOST_BUFFER)) && (form->flags & HTTPPOST_BUFFER)) &&
!form->contenttype ) { !form->contenttype ) {
char *f = form->flags & HTTPPOST_BUFFER?
form->showfilename : form->value;
/* our contenttype is missing */ /* our contenttype is missing */
form->contenttype form->contenttype = strdup(ContentTypeForFilename(f, prevtype));
= strdup(ContentTypeForFilename(form->value, prevtype));
if(!form->contenttype) { if(!form->contenttype) {
return_value = CURL_FORMADD_MEMORY; return_value = CURL_FORMADD_MEMORY;
break; break;

4
tests/data/test554
View File

@ -45,7 +45,7 @@ s/boundary=------------------------[a-z0-9]*/boundary=--------------------------
POST /554 HTTP/1.1 POST /554 HTTP/1.1
Host: %HOSTIP:%HTTPPORT Host: %HOSTIP:%HTTPPORT
Accept: */* Accept: */*
Content-Length: 732 Content-Length: 718
Expect: 100-continue Expect: 100-continue
Content-Type: multipart/form-data; boundary=---------------------------- Content-Type: multipart/form-data; boundary=----------------------------
@ -69,7 +69,7 @@ Content-Disposition: form-data; name="submit"
send send
------------------------------ ------------------------------
Content-Disposition: form-data; name="somename"; filename="somefile.txt" Content-Disposition: form-data; name="somename"; filename="somefile.txt"
Content-Type: application/octet-stream Content-Type: text/plain
blah blah blah blah
-------------------------------- --------------------------------

2
tests/data/test587
View File

@ -35,7 +35,7 @@ s/boundary=------------------------[a-z0-9]*/boundary=--------------------------
POST /587 HTTP/1.1 POST /587 HTTP/1.1
Host: %HOSTIP:%HTTPPORT Host: %HOSTIP:%HTTPPORT
Accept: */* Accept: */*
Content-Length: 732 Content-Length: 718
Expect: 100-continue Expect: 100-continue
Content-Type: multipart/form-data; boundary=---------------------------- Content-Type: multipart/form-data; boundary=----------------------------