From 8236aba58542c5f89f1d41ca09d84579efb05e22 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sun, 31 May 2020 23:09:59 +0200
Subject: [PATCH] tool_getparam: -i is not OK if -J is used
Reported-by: sn on hackerone
Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
Upstream-Status: Backport
CVE:CVE-2020-8177
Signed-off-by: Armin Kuster
---
 src/tool_cb_hdr.c | 22 ++++------------------
 src/tool_getparam.c | 5 +++++
 2 files changed, 9 insertions(+), 18 deletions(-)
Index: curl-7.69.1/src/tool_cb_hdr.c
===================================================================
--- curl-7.69.1.orig/src/tool_cb_hdr.c
+++ curl-7.69.1/src/tool_cb_hdr.c
@@ -134,25 +134,11 @@
 filename = parse_filename(p, len);
 if(filename) {
 if(outs->stream) {
- int rc;
- /* already opened and possibly written to */
- if(outs->fopened)
- fclose(outs->stream);
- outs->stream = NULL;
+ /* indication of problem, get out! */
+ free(filename);
+ return failure;
+ }
 
- /* rename the initial file name to the new file name */
- rc = rename(outs->filename, filename);
- if(rc != 0) {
- warnf(outs->config->global, "Failed to rename %s -> %s: %s\n",
- outs->filename, filename, strerror(errno));
- }
- if(outs->alloc_filename)
- Curl_safefree(outs->filename);
- if(rc != 0) {
- free(filename);
- return failure;
- }
- }
 outs->is_cd_filename = TRUE;
 outs->s_isreg = TRUE;
 outs->fopened = FALSE;
Index: curl-7.69.1/src/tool_getparam.c
===================================================================
--- curl-7.69.1.orig/src/tool_getparam.c
+++ curl-7.69.1/src/tool_getparam.c
@@ -1807,6 +1807,11 @@ ParameterError getparameter(const char *
 }
 break;
 case 'i':
+ if(config->content_disposition) {
+ warnf(global,
+ "--include and --remote-header-name cannot be combined.\n");
+ return PARAM_BAD_USE;
+ }
 config->show_headers = toggle; /* show the headers as well in the
 general output stream */
 break;
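Review bot: In the tool_cb_hdr.c hunk, the new `if(outs->stream)` branch returns `failure` without telling the user why, whereas the code it replaces at least warned when the rename failed. `filename` is parsed from a response header (the hunk goes on to set `is_cd_filename`), so refusing to apply it once output has started is the safe behaviour, but the transfer will presumably end with a generic write error. A line such as `warnf(outs->config->global, "Refusing header-provided file name: output already started\n");` before `free(filename);` would make the cause visible. The comment `/* indication of problem, get out! */` could also name the problem, for example `/* output already started under another name; never switch to a header-supplied name afterwards */`. The enclosing callback starts and ends outside the hunk.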
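Review bot: In the tool_getparam.c hunk, the new check in `case 'i':` only fires when `-J` was parsed before `-i`; the opposite order depends on a mirror check in the `-J` case, which is not part of this hunk, so confirm that one exists in the tree this backport targets. The condition also ignores `toggle`, so `--no-include` given after `-J` is rejected as well; `if(toggle && config->content_disposition) {` would limit the error to the combination that matters. getparameter() starts and ends outside the hunk.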