tool_getparam: -i is not OK if -J is used

Reported-by: sn on hackerone Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
2025-02-28 09:21:50 -05:00 · 2020-05-31 23:09:59 +02:00 · 2020-05-31 23:09:59 +02:00 · 8236aba585
commit 8236aba585
parent 26d2755d7c
2 changed files with 9 additions and 18 deletions
--- a/src/tool_cb_hdr.c
+++ b/src/tool_cb_hdr.c
@ -186,25 +186,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata)
      filename = parse_filename(p, len);
      if(filename) {
        if(outs->stream) {
-          int rc;
-          /* already opened and possibly written to */
-          if(outs->fopened)
-            fclose(outs->stream);
-          outs->stream = NULL;
-
-          /* rename the initial file name to the new file name */
-          rc = rename(outs->filename, filename);
-          if(rc != 0) {
-            warnf(per->config->global, "Failed to rename %s -> %s: %s\n",
-                  outs->filename, filename, strerror(errno));
-          }
-          if(outs->alloc_filename)
-            Curl_safefree(outs->filename);
-          if(rc != 0) {
-            free(filename);
-            return failure;
-          }
+          /* indication of problem, get out! */
+          free(filename);
+          return failure;
        }
+
        outs->is_cd_filename = TRUE;
        outs->s_isreg = TRUE;
        outs->fopened = FALSE;
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@ -1817,6 +1817,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
      }
      break;
    case 'i':
+      if(config->content_disposition) {
+        warnf(global,
+              "--include and --remote-header-name cannot be combined.\n");
+        return PARAM_BAD_USE;
+      }
      config->show_headers = toggle; /* show the headers as well in the
                                        general output stream */
      break;