Incorrect EOF handling with "-F field=<-" #1281

Closed
shachaf opened this Issue Feb 23, 2017 · 4 comments

Projects

None yet

2 participants

@shachaf
shachaf commented Feb 23, 2017

To reproduce: Run curl -F 'field=<-' 'http://example.com/', then type "abc\n" and press ^D; curl will continue waiting for input until you press ^D a second time.

The bug is caused by the use of fread() in Curl_getformdata() (code at the time of writing). In the example above, fread() will return 4 after the first call, even at EOF. To handle EOF correctly, the code should check feof() explicitly.

@bagder bagder added the HTTP label Feb 23, 2017
@bagder
Member
bagder commented Feb 23, 2017

Sounds perfectly reasonable! Like this:

diff --git a/lib/formdata.c b/lib/formdata.c
index c12227623..668f5da0e 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -3,11 +3,11 @@
  *  Project                     ___| | | |  _ \| |
  *                             / __| | | | |_) | |
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at https://curl.haxx.se/docs/copyright.html.
  *
@@ -1332,10 +1332,12 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
             char buffer[512];
             while((nread = fread(buffer, 1, sizeof(buffer), fileread)) != 0) {
               result = AddFormData(&form, FORM_CONTENT, buffer, nread, &size);
               if(result)
                 break;
+              if(feof(fileread))
+                break;
             }
           }
         }
         else {
           if(data)
@shachaf
shachaf commented Feb 23, 2017

While you're at it you may also want to check for ferror(), which is a separate condition from feof().

@bagder
Member
bagder commented Feb 23, 2017

True. But what errors could that really be when reading from stdin that don't also end the stream? I suppose it won't do any harm to check for them too, but I'm thinking we ignore the error and use the read data up until that point anyway...

@bagder bagder added a commit that closed this issue Feb 23, 2017
@bagder bagder formdata: check for EOF when reading from stdin
Reported-by: shachaf@users.noreply.github.com

Fixes #1281
86f5660
@bagder bagder closed this in 86f5660 Feb 23, 2017
@bagder
Member
bagder commented Feb 23, 2017

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment