From: Dan Fandrich <dan@coneharvesters.com>
Date: Tue, 24 Aug 2010 23:45:31 +0000 (-0700)
Subject: Fixed a NULL pointer dereference in form posting
X-Git-Tag: upstream/7.37.1~4805
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=77ba147e762b4a0db33d712a5d6a8eeeb50011f4;p=platform%2Fupstream%2Fcurl.git

Fixed a NULL pointer dereference in form posting

It was introduced in commit eeb2cb05 along with the -F type=
change. Also fixed a typo in the name of the magic filename=
parameter. Tweaked tests 39 and 173 to better test this path.
---

diff --git a/src/main.c b/src/main.c
index 093f6be..3734c94 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1210,8 +1210,13 @@ static int formparse(struct Configurable *config,
                  specified and if not we simply assume that it is text that
                  the user wants included in the type and include that too up
                  to the next zero or semicolon. */
-              if((*sep==';') && !curlx_strnequal(";filname=", sep, 9))
-                sep = strchr(sep+1, ';');
+              if((*sep==';') && !curlx_strnequal(";filename=", sep, 10)) {
+                sep2 = strchr(sep+1, ';');
+                if (sep2)
+                  sep = sep2;
+                else
+                  sep = sep+strlen(sep); /* point to end of string */
+              }
 
               if(*sep) {
                 *sep=0; /* zero terminate type string */
diff --git a/tests/data/test173 b/tests/data/test173
index 203bed8..bf6af00 100644
--- a/tests/data/test173
+++ b/tests/data/test173
@@ -1,4 +1,11 @@
 <testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+</keywords>
+</info>
+
 # Server-side
 <reply>
 <data>
@@ -21,7 +28,7 @@ http
 HTTP RFC1867-formpost a file from stdin with "faked" filename
  </name>
  <command>
-http://%HOSTIP:%HTTPPORT/we/want/173 -F field1=contents1 -F "fileupload=@-;filename=/dev/null"
+http://%HOSTIP:%HTTPPORT/we/want/173 -F field1=contents1 -F "fileupload=@-;filename=/dev/null;type=text/x-null;format=x-curl"
 </command>
 
 <stdin>
@@ -46,7 +53,7 @@ POST /we/want/173 HTTP/1.1
 User-Agent: curl/7.12.1-CVS (i686-pc-linux-gnu) libcurl/7.12.1-CVS OpenSSL/0.9.6b ipv6 zlib/1.1.4 GSS libidn/0.4.6
 Host: %HOSTIP:%HTTPPORT
 Accept: */*
-Content-Length: 359
+Content-Length: 360
 Expect: 100-continue
 Content-Type: multipart/form-data; boundary=----------------------------5dbea401cd8c
 
@@ -56,7 +63,7 @@ Content-Disposition: form-data; name="field1"
 contents1
 ------------------------------5dbea401cd8c
 Content-Disposition: form-data; name="fileupload"; filename="/dev/null"
-Content-Type: application/octet-stream
+Content-Type: text/x-null;format=x-curl
 
 line1
 line2
diff --git a/tests/data/test39 b/tests/data/test39
index 95df74b..2c8da33 100644
--- a/tests/data/test39
+++ b/tests/data/test39
@@ -26,7 +26,7 @@ http
 HTTP RFC1867-type formposting with filename= and type=
  </name>
  <command>
-http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl --form-string "str1=@literal" --form-string "str2=<verbatim;type=xxx/yyy" -F "file=@log/test39.txt;filename=fakerfile;type=moo/foobar" -F file2=@log/test39.txt
+http://%HOSTIP:%HTTPPORT/we/want/39 -F name=daniel -F tool=curl --form-string "str1=@literal" --form-string "str2=<verbatim;type=xxx/yyy" -F "file=@log/test39.txt;type=moo/foobar;filename=fakerfile" -F file2=@log/test39.txt
 </command>
 # We create this file before the command is invoked!
 <file name="log/test39.txt">