cURL
Haxx ad
libcurl

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-2525347 ] CURLOPT_READFUNCTION/CURLFORM_STREAM overwrites MIME boundry

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Mon, 02 Feb 2009 16:00:11 +0000

Bugs item #2525347, was opened at 2009-01-21 02:24
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2525347&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: libcurl
Group: wrong behaviour
>Status: Pending
>Resolution: Works For Me
Priority: 5
Private: No
Submitted By: Brian Wilson (brianwski)
Assigned to: Daniel Stenberg (bagder)
Summary: CURLOPT_READFUNCTION/CURLFORM_STREAM overwrites MIME boundry

Initial Comment:
On Windows Vista32 (but reproducible on Linux and Macintosh platforms), libCURL 7.19.3, I just started using CURLFORM_STREAM and the CURLOPT_READFUNCTION with a Multi-Part Mime POST of HTTPS, and the CURLOPT_READFUNCTION callback function is continued to be called past the end of the specified CURLFORM_CONTENTSLENGTH amount of data. It is called *EXACTLY* enough to overwrite the ending "\r\n-----mimeboundary----\r\n" section and if I continue filling data in that spot the resulting HTTPS POST arrives at the destination server with my extra over-written data exactly where the MIME boundary should have been (and no extra bytes, just exactly enough to not crash but to over-write the MIME boundary and stop).

I was able to work around this easily by having my code remember the CURLFORM_CONTENTSLENGTH in my own private variable and stop filling data at the correct moment when I had filled out exactly CURLFORM_CONTENTSLENGTH and returning "0" after that when the CURLOPT_READFUNCTION callback is called again (as specified in the libCURL manual when you want to prematurely stop a current transfer).

Below are snippets of code I think show how I am calling libCURL to reproduce this. As a side note, I LOVE libCURL, thanks so much for the good work! And this bug report is not a complaint, as I mentioned my bugs are all worked around, just trying to contribute back a little.

-- Brian

------- CUT HERE for code snippets -------

struct curl_httppost *thePost=NULL;
struct curl_httppost *theLast=NULL;
...
curl_easy_setopt(ch, CURLOPT_READDATA, &myReadData);
curl_easy_setopt(ch, CURLOPT_READFUNCTION, myCallback);
....
curl_formadd(&thePost, &theLast,
    CURLFORM_COPYNAME, "oneMimePart",
    CURLFORM_COPYCONTENTS, "example1", CURLFORM_END);
curl_formadd(&thePost, &theLast,
    CURLFORM_COPYNAME, "twoMimePart",
    CURLFORM_COPYCONTENTS, "example2", CURLFORM_END);
curl_formadd(&thePost, &theLast,
    CURLFORM_COPYNAME, "finalMimePart",
    CURLFORM_CONTENTTYPE, "binary",
    CURLFORM_FILENAME, "foo.zip",
    CURLFORM_STREAM, &myReadData,
    CURLFORM_CONTENTSLENGTH, numBytesInDataToPost,
    CURLFORM_END);

curl_easy_setopt(ch, CURLOPT_HTTPPOST, thePost);
curl_easy_perform(ch);

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-02-02 16:59

Message:
Thanks for reporting this issue and helping us improve curl and libcurl.

We're awaiting feedback in this issue. Due to this, I have set the state
of this issue to pending and it will automatically get closed later on
unless we get further info.

Please consider answering the outstanding questions or providing the
missing info so that we can proceed to resolve this issue!

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-01-26 14:33

Message:
I can't repeat the problem. I uploaded "dump-2525347" that shows the output
when I run it against my localhost and all mime boundaries are in there...

----------------------------------------------------------------------

Comment By: Brian Wilson (brianwski)
Date: 2009-01-23 01:23

Message:
Final version, I promise. I forgot to declare one variable in the test
code. -- BrianW
File Added: 2525347_brianw_fixed_final.c

----------------------------------------------------------------------

Comment By: Brian Wilson (brianwski)
Date: 2009-01-23 01:20

Message:
Removing bad source code example -- BrianW

----------------------------------------------------------------------

Comment By: Brian Wilson (brianwski)
Date: 2009-01-23 01:19

Message:
Wait, don't use the previous one, I fixed up one more thing and here is the
correct file. -- BrianW
File Added: 2525347_brianw_fixed.c

----------------------------------------------------------------------

Comment By: Brian Wilson (brianwski)
Date: 2009-01-23 01:16

Message:
I added just a few lines to your code example that show the problem (see
newly attached source file). You can search for "brianw" in the code. I
added a global counter showing how many bytes had been copied by your
example showing it goes way over the 400 byte buffer. I then added
(commented out in the code) my work-around
that when it reaches the correct 400 byte limit it stops. -- BrianW
File Added: 2525347_brianw.c

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-01-21 23:23

Message:
Well, I tried to write up a complete example that repeats this as far as
I've understood it but failed. My app code is now attached to this report.

Can you please edit/adjust/extend that code so that it repeats this
problem? It'll help me understand it properly and make the right fixes.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=2525347&group_id=976
Received on 2009-02-02

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET