tool_getparam: -i is not OK if -J is used

Reported-by: sn on hackerone Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
author: Daniel Stenberg <daniel@haxx.se> 2020-05-31 23:09:59 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2020-06-22 00:49:58 +0200
commit: 8236aba58542c5f89f1d41ca09d84579efb05e22 (patch)
tree: 2a4e0b4b5728ae4aa02c39cf9019ae63e0e0b22d /src/tool_getparam.c
parent: 26d2755d7c3181e90e46014778941bff53d2309f (diff)
download: curl-8236aba58542c5f89f1d41ca09d84579efb05e22.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 0cd11c479..1ab3983f4 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1817,6 +1817,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
       }
       break;
     case 'i':
+      if(config->content_disposition) {
+        warnf(global,
+              "--include and --remote-header-name cannot be combined.\n");
+        return PARAM_BAD_USE;
+      }
       config->show_headers = toggle; /* show the headers as well in the
                                         general output stream */
       break;
author	Daniel Stenberg <daniel@haxx.se>	2020-05-31 23:09:59 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2020-06-22 00:49:58 +0200
commit	8236aba58542c5f89f1d41ca09d84579efb05e22 (patch)
tree	2a4e0b4b5728ae4aa02c39cf9019ae63e0e0b22d /src/tool_getparam.c
parent	26d2755d7c3181e90e46014778941bff53d2309f (diff)
download	curl-8236aba58542c5f89f1d41ca09d84579efb05e22.tar.gz