Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
curl_mime *mime = curl_mime_init(easy);
curl_mimepart *part = curl_mime_addpart(mime);
CURLcode a1 = curl_mime_subparts(part, mime);
curl_mime_free(mime); should not crash but curl_mime_subparts(part, mime); should returns CURLE_BAD_FUNCTION_ARGUMENT and do nothing.
curl 7.56.0 (i386-pc-win32) libcurl/7.56.0 WinSSL
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS Largefile SSPI Kerberos SPNEGO NTLM SSL
Windows 7 x64
The text was updated successfully, but these errors were encountered:
I'm not convinced this is something we have to protect against, but it should be easy to at least prevent this bad use.
Sorry, something went wrong.
mime: prevent curl_mime_subparts() from adding "itself"
Refuse to add its own "ancestor".
Reported-by: Alexey Melnichuk
Let me know what you think of this fix!
No branches or pull requests