Segfault when add mime as subpart to itself #1962

Closed
moteus opened this Issue Oct 6, 2017 · 2 comments


moteus commented Oct 6, 2017

I did this

curl_mime *mime = curl_mime_init(easy);
curl_mimepart *part = curl_mime_addpart(mime);
CURLcode a1 = curl_mime_subparts(part, mime);
curl_mime_free(mime);

I expected the following

curl_mime_free(mime); should not crash, but curl_mime_subparts(part, mime); should return CURLE_BAD_FUNCTION_ARGUMENT and do nothing.

curl/libcurl version

curl 7.56.0 (i386-pc-win32) libcurl/7.56.0 WinSSL
Release-Date: 2017-10-04
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS Largefile SSPI Kerberos SPNEGO NTLM SSL

operating system

Windows 7 x64

bagder commented Oct 7, 2017

I'm not convinced this is something we have to protect against, but it should be easy to at least prevent this bad use.

bagder added a commit that referenced this issue Oct 7, 2017

mime: prevent curl_mime_subparts() from adding "itself"
Refuse to add its own "ancestor".

Reported-by: Alexey Melnichuk
Fixes #1962
bagder commented Oct 7, 2017

Let me know what you think of this fix!

@bagder bagder added the crash label Oct 7, 2017

@monnerat monnerat closed this in ebcbed3 Oct 8, 2017

@lock lock bot locked as resolved and limited conversation to collaborators May 6, 2018
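
The check the commit message describes ("Refuse to add its own ancestor"), sketched as an added example on a toy multipart tree. This is not libcurl's code and not from the thread; every type, function and constant name in it (`struct mime`, `part_set_subparts`, `MIME_BAD_ARG`, and so on) is hypothetical. In this model the recursive free only terminates when the structure is a tree, so the attach function walks from the part up to its root and rejects the self-attachment from the report.

```c
/* Toy multipart tree (added example, not libcurl code); all names hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct part;
struct mime { struct part *parent; struct part *first; };
struct part { struct mime *owner; struct part *next; struct mime *subparts; };
enum { MIME_OK = 0, MIME_BAD_ARG = 1 };

static struct mime *mime_new(void) { return calloc(1, sizeof(struct mime)); }

static struct part *mime_addpart(struct mime *m) {
  struct part *p = m ? calloc(1, sizeof(*p)) : NULL;
  if(p) { p->owner = m; p->next = m->first; m->first = p; }
  return p;
}

/* Attach sub as the content of p, refusing anything that would form a cycle. */
static int part_set_subparts(struct part *p, struct mime *sub) {
  struct mime *m;
  if(!p || !sub) return MIME_BAD_ARG;
  if(sub->parent) return MIME_BAD_ARG;   /* already attached somewhere */
  /* Walk up to the root: the root has no parent, so only this loop catches it. */
  for(m = p->owner; m; m = m->parent ? m->parent->owner : NULL)
    if(m == sub) return MIME_BAD_ARG;    /* sub is an ancestor of p */
  p->subparts = sub;
  sub->parent = p;
  return MIME_OK;
}

/* Recursive free; terminates only on a tree. Returns the number of mimes freed. */
static int mime_free(struct mime *m) {
  int n = 1;
  struct part *p, *next;
  if(!m) return 0;
  for(p = m->first; p; p = next) {
    next = p->next;
    n += mime_free(p->subparts);
    free(p);
  }
  free(m);
  return n;
}

int main(void) {
  struct mime *mime = mime_new();
  struct part *part = mime_addpart(mime);
  printf("self-attach rejected: %d\n", part_set_subparts(part, mime) == MIME_BAD_ARG);
  printf("mimes freed: %d\n", mime_free(mime));
  return 0;
}
```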
