Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
curl.25399
curl-check-content-type.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File curl-check-content-type.patch of Package curl.25399
From d7471c136901e1955547a20d7bfa126d47d81b56 Mon Sep 17 00:00:00 2001 From: Patrick Monnerat <patrick@monnerat.net> Date: Sat, 18 Apr 2020 16:50:20 +0200 Subject: [PATCH] mime: properly check Content-Type even if it has parameters New test 669 checks this fix is effective. Fixes #5256 Closes #5258 Reported-by: thanhchungbtc on github --- lib/mime.c | 21 ++++++++++++-- tests/data/Makefile.inc | 2 +- tests/data/test669 | 64 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 3 deletions(-) create mode 100644 tests/data/test669 Index: curl-7.60.0/lib/mime.c =================================================================== --- curl-7.60.0.orig/lib/mime.c +++ curl-7.60.0/lib/mime.c @@ -1680,6 +1680,23 @@ const char *Curl_mime_contenttype(const return NULL; } +static bool content_type_match(const char *contenttype, const char *target) +{ + size_t len = strlen(target); + + if(contenttype && strncasecompare(contenttype, target, len)) + switch(contenttype[len]) { + case '\0': + case '\t': + case '\r': + case '\n': + case ' ': + case ';': + return TRUE; + } + return FALSE; +} + CURLcode Curl_mime_prepare_headers(curl_mimepart *part, const char *contenttype, const char *disposition, @@ -1731,7 +1748,7 @@ CURLcode Curl_mime_prepare_headers(curl_ boundary = mime->boundary; } else if(contenttype && !customct && - strcasecompare(contenttype, "text/plain")) + content_type_match(contenttype, "text/plain")) if(strategy == MIMESTRATEGY_MAIL || !part->filename) contenttype = NULL; @@ -1807,7 +1824,7 @@ CURLcode Curl_mime_prepare_headers(curl_ curl_mimepart *subpart; disposition = NULL; - if(strcasecompare(contenttype, "multipart/form-data")) + if(content_type_match(contenttype, "multipart/form-data")) disposition = "form-data"; for(subpart = mime->firstpart; subpart; subpart = subpart->nextpart) { ret = Curl_mime_prepare_headers(subpart, NULL, disposition, strategy); Index: curl-7.60.0/tests/data/Makefile.inc =================================================================== --- curl-7.60.0.orig/tests/data/Makefile.inc +++ curl-7.60.0/tests/data/Makefile.inc @@ -84,6 +84,7 @@ test626 test627 test628 test629 test630 test635 test636 test637 test638 test639 test640 test641 test642 \ test643 test644 test645 test646 test647 test648 test649 test650 test651 \ test652 test653 test654 test655 \ +test669 \ \ test700 test701 test702 test703 test704 test705 test706 test707 test708 \ test709 test710 test711 test712 test713 test714 test715 \ Index: curl-7.60.0/tests/data/test669 =================================================================== --- /dev/null +++ curl-7.60.0/tests/data/test669 @@ -0,0 +1,64 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP POST +HTTP MIME POST +HTTP FORMPOST +</keywords> +</info> +# Server-side +<reply> +<data> +HTTP/1.0 200 OK swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake + +blablabla + +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> + <name> +HTTP custom Content-Type with parameter + </name> + <command> +http://%HOSTIP:%HTTPPORT/we/want/669 -H 'Content-type: multipart/form-data; charset=utf-8' -F name=daniel -F tool=curl +</command> +</file> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<strippart> +s/^--------------------------[a-z0-9]*/------------------------------/ +s/boundary=------------------------[a-z0-9]*/boundary=----------------------------/ +</strippart> +<protocol> +POST /we/want/669 HTTP/1.1 +User-Agent: curl/7.10.4 (i686-pc-linux-gnu) libcurl/7.10.4 OpenSSL/0.9.7a ipv6 zlib/1.1.3 +Host: %HOSTIP:%HTTPPORT +Accept: */* +Content-Length: 242 +Content-Type: multipart/form-data; charset=utf-8; boundary=---------------------------- + +------------------------------ +Content-Disposition: form-data; name="name" + +daniel +------------------------------ +Content-Disposition: form-data; name="tool" + +curl +-------------------------------- +</protocol> +</verify> +</testcase>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor