mirror of
https://github.com/moparisthebest/curl
synced 2024-11-10 19:45:04 -05:00
0ddc678927
The internal function that's used to detect known file extensions for the default Content-Type got the the wrong pointer passed in when CURLFORM_BUFFER + CURLFORM_BUFFERPTR were used. This had the effect that strlen() would be used which could lead to an out-of-bounds read (and thus segfault). In most cases it would only lead to it not finding or using the correct default content-type. It also showed that test 554 and test 587 were testing for the previous/wrong behavior and now they're updated as well. Bug: http://curl.haxx.se/bug/view.cgi?id=1262 Reported-by: Konstantin Isakov
79 lines
1.7 KiB
Plaintext
79 lines
1.7 KiB
Plaintext
<testcase>
|
|
#
|
|
# Server-side
|
|
<reply>
|
|
<data mode="text">
|
|
HTTP/1.1 200 OK
|
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake swsclose
|
|
Connection: close
|
|
Content-Type: text/html
|
|
|
|
hello
|
|
</data>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
# tool is what to use instead of 'curl'
|
|
<tool>
|
|
lib554
|
|
</tool>
|
|
|
|
<name>
|
|
HTTP multi-part formpost using read callback for the file part
|
|
</name>
|
|
<command>
|
|
http://%HOSTIP:%HTTPPORT/554
|
|
</command>
|
|
</client>
|
|
|
|
#
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<strippart>
|
|
s/^--------------------------[a-z0-9]*/------------------------------/
|
|
s/boundary=------------------------[a-z0-9]*/boundary=----------------------------/
|
|
</strippart>
|
|
# Note that the stripping above removes 12 bytes from every occurance of the
|
|
# boundary string and since 5 of them are in the body contents, we see
|
|
# (5*12) == 60 bytes less
|
|
<protocol>
|
|
POST /554 HTTP/1.1
|
|
Host: %HOSTIP:%HTTPPORT
|
|
Accept: */*
|
|
Content-Length: 718
|
|
Expect: 100-continue
|
|
Content-Type: multipart/form-data; boundary=----------------------------
|
|
|
|
------------------------------
|
|
Content-Disposition: form-data; name="sendfile"; filename="postit2.c"
|
|
|
|
this is what we post to the silly web server
|
|
|
|
------------------------------
|
|
Content-Disposition: form-data; name="callbackdata"
|
|
|
|
this is what we post to the silly web server
|
|
|
|
------------------------------
|
|
Content-Disposition: form-data; name="filename"
|
|
|
|
postit2.c
|
|
------------------------------
|
|
Content-Disposition: form-data; name="submit"
|
|
|
|
send
|
|
------------------------------
|
|
Content-Disposition: form-data; name="somename"; filename="somefile.txt"
|
|
Content-Type: text/plain
|
|
|
|
blah blah
|
|
--------------------------------
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|