diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-05-31 23:09:59 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-06-22 00:49:58 +0200 |
commit | 8236aba58542c5f89f1d41ca09d84579efb05e22 (patch) | |
tree | 2a4e0b4b5728ae4aa02c39cf9019ae63e0e0b22d /src/tool_getparam.c | |
parent | 26d2755d7c3181e90e46014778941bff53d2309f (diff) | |
download | curl-8236aba58542c5f89f1d41ca09d84579efb05e22.tar.gz |
tool_getparam: -i is not OK if -J is used
Reported-by: sn on hackerone
Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
Diffstat (limited to 'src/tool_getparam.c')
-rw-r--r-- | src/tool_getparam.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c index 0cd11c479..1ab3983f4 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -1817,6 +1817,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ } break; case 'i': + if(config->content_disposition) { + warnf(global, + "--include and --remote-header-name cannot be combined.\n"); + return PARAM_BAD_USE; + } config->show_headers = toggle; /* show the headers as well in the general output stream */ break; |