curl-tracker Archives

[curl:bugs] #1251 Form boundary string should be truly random

From: Floris <florisb_at_users.sf.net>
Date: Mon, 24 Jun 2013 12:06:41 +0000

RFC2046:
==
   As stated previously, each body part is preceded by a boundary
   delimiter line that contains the boundary delimiter. The boundary
   delimiter MUST NOT appear inside any of the encapsulated parts, on a
   line by itself or as the prefix of any line. This implies that it is
   crucial that the composing agent be able to choose and specify a
   unique boundary parameter value that does not contain the boundary
   parameter value of an enclosing multipart as a prefix.
==

libcurl is the composing agent choosing the boundary, so also responsible for choosing one that MUST NOT appear inside any of the encapsulated parts.
Either by searching the form fields for the boundary it intends to use, and choosing a different one if found, or using one that is so random it is unlikely to be in the data.
In any case not a predictable number.

---
**[bugs:#1251] Form boundary string should be truly random**
**Status:** open
**Created:** Mon Jun 24, 2013 11:24 AM UTC by Floris
**Last Updated:** Mon Jun 24, 2013 11:40 AM UTC
**Owner:** nobody
The use of predictable pseudo-random numbers to generate the multipart/form boundary can lead to security issues in software using libcurl.
See: http://localhost.re/p/solusvm-whmcs-module-316-vulnerability
---
Received on 2013-06-24