diff options
author | Daniel Stenberg <daniel@haxx.se> | 2019-02-06 14:56:32 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-02-06 23:48:11 +0100 |
commit | 9472727edc769acde3c372e6674ecaab22de0bb6 (patch) | |
tree | 0e7aea53b802b59cf416dd6cfeab301be042c903 | |
parent | fef38a0898322f285401c5ff2f5e7c90dbf3be63 (diff) | |
download | curl-9472727edc769acde3c372e6674ecaab22de0bb6.tar.gz |
formparse: remove access to private databagder/curl-mimeparent
The mime.h include file MUST NOT be included by the command line tool
code.
Fixes #3532
-rw-r--r-- | src/tool_cfgable.h | 11 | ||||
-rw-r--r-- | src/tool_formparse.c | 20 | ||||
-rw-r--r-- | src/tool_formparse.h | 3 | ||||
-rw-r--r-- | src/tool_getparam.c | 3 |
4 files changed, 24 insertions, 13 deletions
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 81680dbbb..27f1a43ac 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,9 +22,7 @@ * ***************************************************************************/ #include "tool_setup.h" - #include "tool_sdecls.h" - #include "tool_metalink.h" typedef enum { @@ -35,6 +33,12 @@ typedef enum { struct GlobalConfig; +#define MAX_PARENTS 5 +struct mimeparent { + curl_mime *p[MAX_PARENTS]; + int numparents; /* number of parents stored */ +}; + struct OperationConfig { CURL *easy; /* A copy of the handle from GlobalConfig */ bool remote_time; @@ -178,6 +182,7 @@ struct OperationConfig { struct curl_slist *proxyheaders; curl_mime *mimepost; curl_mime *mimecurrent; + struct mimeparent mimeparent; /* for remembering parents */ struct curl_slist *telnet_options; struct curl_slist *resolve; struct curl_slist *connect_to; diff --git a/src/tool_formparse.c b/src/tool_formparse.c index 5d1ea9c53..3c7723ccd 100644 --- a/src/tool_formparse.c +++ b/src/tool_formparse.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -21,9 +21,6 @@ ***************************************************************************/ #include "tool_setup.h" -#include "mime.h" -#include "strcase.h" - #define ENABLE_CURLX_PRINTF /* use our own printf() functions */ #include "curlx.h" @@ -44,7 +41,7 @@ typedef struct { curl_off_t origin; /* File read origin offset. */ curl_off_t size; /* Data size. */ curl_off_t curpos; /* Current read position. */ -} standard_input; +} standard_input; /* @@ -548,6 +545,7 @@ int formparse(struct OperationConfig *config, const char *input, curl_mime **mimepost, curl_mime **mimecurrent, + struct mimeparent *parent, bool literal_value) { /* input MUST be a string in the format 'name=contents' and we'll @@ -591,6 +589,9 @@ int formparse(struct OperationConfig *config, if(*contp == '(' && !literal_value) { curl_mime *subparts; + if(parent->numparents >= (MAX_PARENTS-1)) + return 1; /* too many nested levels! */ + /* Starting a multipart. */ sep = get_param_part(config, '\0', &contp, &data, &type, NULL, NULL, &headers); @@ -620,6 +621,7 @@ int formparse(struct OperationConfig *config, Curl_safefree(contents); return 6; } + parent->p[parent->numparents++] = *mimecurrent; *mimecurrent = subparts; if(curl_mime_headers(part, headers, 1)) { warnf(config->global, "curl_mime_headers failed!\n"); @@ -634,13 +636,15 @@ int formparse(struct OperationConfig *config, } } else if(!name && !strcmp(contp, ")") && !literal_value) { - /* Ending a mutipart. */ + /* Ending a multipart. */ if(*mimecurrent == *mimepost) { warnf(config->global, "no multipart to terminate!\n"); Curl_safefree(contents); return 9; - } - *mimecurrent = (*mimecurrent)->parent->parent; + } + if(!parent->numparents) + return 9; + *mimecurrent = parent->p[--parent->numparents]; } else if('@' == contp[0] && !literal_value) { diff --git a/src/tool_formparse.h b/src/tool_formparse.h index cdf02d028..72fcb0d0a 100644 --- a/src/tool_formparse.h +++ b/src/tool_formparse.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -27,6 +27,7 @@ int formparse(struct OperationConfig *config, const char *input, curl_mime **mimepost, curl_mime **mimecurrent, + struct mimeparent *parent, bool literal_value); #endif /* HEADER_CURL_TOOL_FORMPARSE_H */ diff --git a/src/tool_getparam.c b/src/tool_getparam.c index c7ba5f243..b2848f62a 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1693,6 +1693,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ nextarg, &config->mimepost, &config->mimecurrent, + &config->mimeparent, (subletter == 's')?TRUE:FALSE)) /* 's' is literal string */ return PARAM_BAD_USE; if(SetHTTPrequest(config, HTTPREQ_MIMEPOST, &config->httpreq)) |