[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 214/264: mime: properly check Content-Type even if it has parame
From: |
gnunet |
Subject: |
[gnurl] 214/264: mime: properly check Content-Type even if it has parameters |
Date: |
Thu, 30 Apr 2020 16:08:37 +0200 |
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit d7471c136901e1955547a20d7bfa126d47d81b56
Author: Patrick Monnerat <address@hidden>
AuthorDate: Sat Apr 18 16:50:20 2020 +0200
mime: properly check Content-Type even if it has parameters
New test 669 checks this fix is effective.
Fixes #5256
Closes #5258
Reported-by: thanhchungbtc on github
---
lib/mime.c | 21 ++++++++++++++--
tests/data/Makefile.inc | 2 +-
tests/data/test669 | 64 +++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 84 insertions(+), 3 deletions(-)
diff --git a/lib/mime.c b/lib/mime.c
index b72732310..e13d92e94 100644
--- a/lib/mime.c
+++ b/lib/mime.c
@@ -1778,6 +1778,23 @@ const char *Curl_mime_contenttype(const char *filename)
return NULL;
}
+static bool content_type_match(const char *contenttype, const char *target)
+{
+ size_t len = strlen(target);
+
+ if(contenttype && strncasecompare(contenttype, target, len))
+ switch(contenttype[len]) {
+ case '\0':
+ case '\t':
+ case '\r':
+ case '\n':
+ case ' ':
+ case ';':
+ return TRUE;
+ }
+ return FALSE;
+}
+
CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
const char *contenttype,
const char *disposition,
@@ -1829,7 +1846,7 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
boundary = mime->boundary;
}
else if(contenttype && !customct &&
- strcasecompare(contenttype, "text/plain"))
+ content_type_match(contenttype, "text/plain"))
if(strategy == MIMESTRATEGY_MAIL || !part->filename)
contenttype = NULL;
@@ -1905,7 +1922,7 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
curl_mimepart *subpart;
disposition = NULL;
- if(strcasecompare(contenttype, "multipart/form-data"))
+ if(content_type_match(contenttype, "multipart/form-data"))
disposition = "form-data";
for(subpart = mime->firstpart; subpart; subpart = subpart->nextpart) {
ret = Curl_mime_prepare_headers(subpart, NULL, disposition, strategy);
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index aa2883929..aabe1e6d9 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -87,7 +87,7 @@ test626 test627 test628 test629 test630 test631 test632
test633 test634 \
test635 test636 test637 test638 test639 test640 test641 test642 \
test643 test644 test645 test646 test647 test648 test649 test650 test651 \
test652 test653 test654 test655 test656 test658 test659 test660 test661 \
-test662 test663 test664 test665 test666 test667 test668 \
+test662 test663 test664 test665 test666 test667 test668 test669 \
test670 test671 test672 test673 \
\
test700 test701 test702 test703 test704 test705 test706 test707 test708 \
diff --git a/tests/data/test669 b/tests/data/test669
new file mode 100644
index 000000000..aaae2c51d
--- /dev/null
+++ b/tests/data/test669
@@ -0,0 +1,64 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+HTTP MIME POST
+HTTP FORMPOST
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.0 200 OK swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+
+blablabla
+
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP custom Content-Type with parameter
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/669 -H 'Content-type: multipart/form-data;
charset=utf-8' -F name=daniel -F tool=curl
+</command>
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<strippart>
+s/^--------------------------[a-z0-9]*/------------------------------/
+s/boundary=------------------------[a-z0-9]*/boundary=----------------------------/
+</strippart>
+<protocol>
+POST /we/want/669 HTTP/1.1
+User-Agent: curl/7.10.4 (i686-pc-linux-gnu) libcurl/7.10.4 OpenSSL/0.9.7a ipv6
zlib/1.1.3
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 242
+Content-Type: multipart/form-data; charset=utf-8;
boundary=----------------------------
+
+------------------------------
+Content-Disposition: form-data; name="name"
+
+daniel
+------------------------------
+Content-Disposition: form-data; name="tool"
+
+curl
+--------------------------------
+</protocol>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 122/264: CURLINFO_CONDITION_UNMET: return true for 304 http status code, (continued)
- [gnurl] 122/264: CURLINFO_CONDITION_UNMET: return true for 304 http status code, gnunet, 2020/04/30
- [gnurl] 236/264: gnutls: bump lowest supported version to 3.1.10, gnunet, 2020/04/30
- [gnurl] 137/264: configure: remove use of -vec-report0 from CFLAGS with icc, gnunet, 2020/04/30
- [gnurl] 117/264: sockfilt: fix handling of ready closed sockets on Windows, gnunet, 2020/04/30
- [gnurl] 124/264: KNOWN_BUGS: fixed "USE_UNIX_SOCKETS on Windows", gnunet, 2020/04/30
- [gnurl] 154/264: CI/macos: convert CRLF to LF and align indentation, gnunet, 2020/04/30
- [gnurl] 152/264: server/resolve: remove AI_CANONNAME to make macos tell the truth, gnunet, 2020/04/30
- [gnurl] 213/264: tests/FILEFORMAT: converted to markdown and extended, gnunet, 2020/04/30
- [gnurl] 259/264: doh: Constify some input pointers, gnunet, 2020/04/30
- [gnurl] 161/264: release-notes.pl: detect the start of the references in cleanup mode, gnunet, 2020/04/30
- [gnurl] 214/264: mime: properly check Content-Type even if it has parameters,
gnunet <=
- [gnurl] 164/264: tests: add Windows compatible pidwait like pidkill and pidterm, gnunet, 2020/04/30
- [gnurl] 166/264: tests/server/util.c: use curl_off_t instead of long for pid, gnunet, 2020/04/30
- [gnurl] 167/264: compressed.d: stress that the headers are not modified, gnunet, 2020/04/30
- [gnurl] 165/264: tests: use Cygwin/msys PIDs for stunnel and sshd on Windows, gnunet, 2020/04/30
- [gnurl] 264/264: make gnurl-aux, gnunet, 2020/04/30
- [gnurl] 177/264: cirrus: no longer ignore test 504 which is working again, gnunet, 2020/04/30
- [gnurl] 180/264: tool: do not declare functions with Curl_ prefix, gnunet, 2020/04/30
- [gnurl] 229/264: http: free memory when Alt-Used header creation fails due to OOM, gnunet, 2020/04/30
- [gnurl] 162/264: RELEASE-NOTES: synced, gnunet, 2020/04/30
- [gnurl] 157/264: sshserver.pl: use cached Win32 environment check variable, gnunet, 2020/04/30