
form/mime: field names are not allowed to contain zero-valued bytes.

Also remove the length argument of curl_mime_name() (names are always
zero-terminated).
Patrick Monnerat 6 years ago
parent
commit
ee56fdb691

+ 3 - 3
docs/examples/multi-post.c

@@ -51,17 +51,17 @@ int main(void)
 
     /* Fill in the file upload field */
     field = curl_mime_addpart(form);
-    curl_mime_name(field, "sendfile", CURL_ZERO_TERMINATED);
+    curl_mime_name(field, "sendfile");
     curl_mime_filedata(field, "multi-post.c");
 
     /* Fill in the filename field */
     field = curl_mime_addpart(form);
-    curl_mime_name(field, "filename", CURL_ZERO_TERMINATED);
+    curl_mime_name(field, "filename");
     curl_mime_data(field, "multi-post.c", CURL_ZERO_TERMINATED);
 
     /* Fill in the submit field too, even if this is rarely needed */
     field = curl_mime_addpart(form);
-    curl_mime_name(field, "submit", CURL_ZERO_TERMINATED);
+    curl_mime_name(field, "submit");
     curl_mime_data(field, "send", CURL_ZERO_TERMINATED);
 
     /* initialize custom header list (stating that Expect: 100-continue is not

+ 3 - 3
docs/examples/postit2.c

@@ -61,17 +61,17 @@ int main(int argc, char *argv[])
 
     /* Fill in the file upload field */
     field = curl_mime_addpart(form);
-    curl_mime_name(field, "sendfile", CURL_ZERO_TERMINATED);
+    curl_mime_name(field, "sendfile");
     curl_mime_filedata(field, "postit2.c");
 
     /* Fill in the filename field */
     field = curl_mime_addpart(form);
-    curl_mime_name(field, "filename", CURL_ZERO_TERMINATED);
+    curl_mime_name(field, "filename");
     curl_mime_data(field, "postit2.c", CURL_ZERO_TERMINATED);
 
     /* Fill in the submit field too, even if this is rarely needed */
     field = curl_mime_addpart(form);
-    curl_mime_name(field, "submit", CURL_ZERO_TERMINATED);
+    curl_mime_name(field, "submit");
     curl_mime_data(field, "send", CURL_ZERO_TERMINATED);
 
     /* initialize custom header list (stating that Expect: 100-continue is not

+ 7 - 7
docs/libcurl/curl_formadd.3

@@ -62,16 +62,15 @@ parts.
 .IP CURLFORM_COPYNAME
 followed by a string which provides the \fIname\fP of this part. libcurl
 copies the string so your application doesn't need to keep it around after
-this function call. If the name isn't NUL-terminated, or if you'd
-like it to contain zero bytes, you must set its length with
-\fBCURLFORM_NAMELENGTH\fP. The copied data will be freed by
-\fIcurl_formfree(3)\fP.
+this function call. If the name isn't NUL-terminated, you must set its length
+with \fBCURLFORM_NAMELENGTH\fP. The \fIname\fP is not allowed to contain
+zero-valued bytes. The copied data will be freed by \fIcurl_formfree(3)\fP.
 .IP CURLFORM_PTRNAME
 followed by a string which provides the \fIname\fP of this part. libcurl
 will use the pointer and refer to the data in your application, so you
 must make sure it remains until curl no longer needs it. If the name
-isn't NUL-terminated, or if you'd like it to contain zero
-bytes, you must set its length with \fBCURLFORM_NAMELENGTH\fP.
+isn't NUL-terminated, you must set its length with \fBCURLFORM_NAMELENGTH\fP.
+The \fIname\fP is not allowed to contain zero-valued bytes.
 .IP CURLFORM_COPYCONTENTS
 followed by a pointer to the contents of this part, the actual data
 to send away. libcurl copies the provided data, so your application doesn't
@@ -172,7 +171,8 @@ you've called \fIcurl_easy_cleanup(3)\fP for the curl handle.
 
 See example below.
 .SH AVAILABILITY
-Deprecated in 7.56.0.
+Deprecated in 7.56.0. Before this release, field names were allowed to
+contain zero-valued bytes.
 .SH RETURN VALUE
 0 means everything was ok, non-zero means an error occurred corresponding
 to a CURL_FORMADD_* constant defined in

+ 1 - 1
docs/libcurl/curl_mime_addpart.3

@@ -51,7 +51,7 @@ A mime part structure handle, or NULL upon failure.
 
  /* continue and set name + data to the part */
  curl_mime_data(part, "This is the field data", CURL_ZERO_TERMINATED);
- curl_mime_name(part, "data", CURL_ZERO_TERMINATED);
+ curl_mime_name(part, "data");
 .fi
 .SH "SEE ALSO"
 .BR curl_mime_init "(3),"

+ 2 - 2
docs/libcurl/curl_mime_data.3

@@ -64,6 +64,6 @@ CURLE_OK or a CURL error code upon failure.
 .fi
 .SH "SEE ALSO"
 .BR curl_mime_addpart "(3),"
-.BR curl_mime_data_cb "(3)"
-.BR curl_mime_name "(3)"
+.BR curl_mime_data_cb "(3),"
+.BR curl_mime_name "(3),"
 .BR curl_mime_type "(3)"

+ 2 - 2
docs/libcurl/curl_mime_data_cb.3

@@ -155,6 +155,6 @@ int seek_callback(void *arg, curl_off_t offset, int origin)
                    &hugectl);
 
 .SH "SEE ALSO"
-.BR curl_mime_addpart "(3)"
-.BR curl_mime_data "(3)"
+.BR curl_mime_addpart "(3),"
+.BR curl_mime_data "(3),"
 .BR curl_mime_name "(3)"

+ 3 - 3
docs/libcurl/curl_mime_filedata.3

@@ -68,10 +68,10 @@ CURLE_OK or a CURL error code upon failure.
  curl_mime_filedata(part, "image.png");
 
  /* set name */
- curl_mime_name(part, "data", CURL_ZERO_TERMINATED);
+ curl_mime_name(part, "data");
 .fi
 .SH "SEE ALSO"
 .BR curl_mime_addpart "(3),"
 .BR curl_mime_data "(3),"
-.BR curl_mime_filename "(3)"
-.BR curl_mime_name "(3),"
+.BR curl_mime_filename "(3),"
+.BR curl_mime_name "(3)"

+ 4 - 4
docs/libcurl/curl_mime_filename.3

@@ -64,9 +64,9 @@ CURLE_OK or a CURL error code upon failure.
  curl_mime_filename(part, "image.png");
 
  /* set name */
- curl_mime_name(part, "data", CURL_ZERO_TERMINATED);
+ curl_mime_name(part, "data");
 .fi
 .SH "SEE ALSO"
-.BR curl_mime_addpart "(3) "
-.BR curl_mime_filedata "(3) "
-.BR curl_mime_data "(3) "
+.BR curl_mime_addpart "(3),"
+.BR curl_mime_filedata "(3),"
+.BR curl_mime_data "(3)"

+ 1 - 1
docs/libcurl/curl_mime_headers.3

@@ -59,7 +59,7 @@ CURLE_OK or a CURL error code upon failure.
  curl_mime_data(part, "12345679", CURL_ZERO_TERMINATED);
 
  /* set name */
- curl_mime_name(part, "numbers", CURL_ZERO_TERMINATED);
+ curl_mime_name(part, "numbers");
 .fi
 .SH "SEE ALSO"
 .BR curl_mime_addpart "(3)"

+ 1 - 1
docs/libcurl/curl_mime_init.3

@@ -52,7 +52,7 @@ A mime struct handle, or NULL upon failure.
  mime = curl_mime_init(easy);
  part = curl_mime_addpart(mime);
  curl_mime_data(part, "This is the field data", CURL_ZERO_TERMINATED);
- curl_mime_name(part, "data", CURL_ZERO_TERMINATED);
+ curl_mime_name(part, "data");
 
  /* Post and send it. */
  curl_easy_setopt(easy, CURLOPT_MIMEPOST, mime);

+ 6 - 11
docs/libcurl/curl_mime_name.3

@@ -25,21 +25,16 @@ curl_mime_name - set a mime part's name
 .SH SYNOPSIS
 .B #include <curl/curl.h>
 .sp
-.BI "CURLcode curl_mime_name(curl_mimepart * " part ", const char * " name
-.BI ", size_t " namesize ");"
+.BI "CURLcode curl_mime_name(curl_mimepart * " part ", const char * " name ");"
 .ad
 .SH DESCRIPTION
 \fIcurl_mime_name(3)\fP sets a mime part's name. This is the way HTTP form
 fields are named.
 
-\fIname\fP points to the name byte string; the string may contain nul bytes
-unless \fInamesize\fP is -1.
-
-\fInamesize\fP is the name length: it can be set to \fICURL_ZERO_TERMINATED\fP
-to indicate \fIname\fP is a nul-terminated string.
-
 \fIpart\fP is the part's handle to assign a name to.
 
+\fIname\fP points to the zero-terminated name string.
+
 The name string is copied into the part, thus the associated storage may
 safely be released or reused after call. Setting a part's name twice is valid:
 only the value set by the last call is retained. It is possible to "unname" a
@@ -60,9 +55,9 @@ CURLE_OK or a CURL error code upon failure.
  part = curl_mime_addpart(mime);
 
  /* give the part a name */
- curl_mime_name(part, "shoe_size", CURL_ZERO_TERMINATED);
+ curl_mime_name(part, "shoe_size");
 .fi
 .SH "SEE ALSO"
-.BR curl_mime_addpart "(3)"
-.BR curl_mime_data "(3)"
+.BR curl_mime_addpart "(3),"
+.BR curl_mime_data "(3),"
 .BR curl_mime_type "(3)"

+ 3 - 3
docs/libcurl/curl_mime_type.3

@@ -75,9 +75,9 @@ CURLE_OK or a CURL error code upon failure.
  curl_mime_type(part, "image/png");
 
  /* set name */
- curl_mime_name(part, "image", CURL_ZERO_TERMINATED);
+ curl_mime_name(part, "image");
 .fi
 .SH "SEE ALSO"
-.BR curl_mime_addpart "(3)"
-.BR curl_mime_name "(3)"
+.BR curl_mime_addpart "(3),"
+.BR curl_mime_name "(3),"
 .BR curl_mime_data "(3)"

+ 1 - 2
include/curl/curl.h

@@ -2009,8 +2009,7 @@ CURL_EXTERN curl_mimepart *curl_mime_addpart(curl_mime *mime);
  *
  * Set mime/form part name.
  */
-CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part,
-                                    const char *name, size_t namesize);
+CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part, const char *name);
 
 /*
  * NAME curl_mime_filename()
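Review bot: The comment above the new `curl_mime_name()` prototype still reads only "Set mime/form part name.", so the public header no longer tells a caller how the name's length is determined now that `namesize` is gone. I would extend it to something like `* Set mime/form part name. name is a zero-terminated string that is copied; NULL removes the name.` Both the copy and the NULL case follow from the lib/mime.c change in this commit, where `strdup(name)` is used and a NULL `name` leaves `part->name` cleared.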

+ 32 - 5
lib/formdata.c

@@ -636,12 +636,23 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
         }
         form->contenttype_alloc = TRUE;
       }
+      if(form->name && form->namelength) {
+        /* Name should not contain nul bytes. */
+        size_t i;
+        for(i = 0; i < form->namelength; i++)
+          if(!form->name[i]) {
+            return_value = CURL_FORMADD_NULL;
+            break;
+          }
+        if(return_value != CURL_FORMADD_OK)
+          break;
+      }
       if(!(form->flags & HTTPPOST_PTRNAME) &&
          (form == first_form) ) {
         /* Note that there's small risk that form->name is NULL here if the
            app passed in a bad combo, so we better check for that first. */
         if(form->name) {
-          /* copy name (without strdup; possibly contains null characters) */
+          /* copy name (without strdup; possibly not nul-terminated) */
           form->name = Curl_memdup(form->name, form->namelength?
                                    form->namelength:
                                    strlen(form->name) + 1);
@@ -814,6 +825,24 @@ void curl_formfree(struct curl_httppost *form)
 }
 
 
+/* Set mime part name, taking care of non nul-terminated name string. */
+static CURLcode setname(curl_mimepart *part, const char *name, size_t len)
+{
+  char *zname;
+  CURLcode res;
+
+  if(!name || !len)
+    return curl_mime_name(part, name);
+  zname = malloc(len + 1);
+  if(!zname)
+    return CURLE_OUT_OF_MEMORY;
+  memcpy(zname, name, len);
+  zname[len] = '\0';
+  res = curl_mime_name(part, zname);
+  free(zname);
+  return res;
+}
+
 /*
  * Curl_getformdata() converts a linked list of "meta data" into a mime
  * structure. The input list is in 'post', while the output is stored in
@@ -856,8 +885,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
       if(!part)
         result = CURLE_OUT_OF_MEMORY;
       if(!result)
-        result = curl_mime_name(part, post->name,
-                                post->namelength? post->namelength: -1);
+        result = setname(part, post->name, post->namelength);
       if(!result) {
         multipart = curl_mime_init(data);
         if(!multipart)
@@ -884,8 +912,7 @@ CURLcode Curl_getformdata(struct Curl_easy *data,
 
       /* Set field name. */
       if(!result && !post->more)
-        result = curl_mime_name(part, post->name,
-                                post->namelength? post->namelength: -1);
+        result = setname(part, post->name, post->namelength);
 
       /* Process contents. */
       if(!result) {
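Review bot: `setname()` calls `malloc(len + 1)` without bounding `len`, so a `len` of `(size_t)-1` wraps the allocation size to 0 while `memcpy(zname, name, len)` still copies `len` bytes. The type of `post->namelength` is not visible in these hunks; if it is signed, a stored value of -1 would convert to exactly that `size_t` at both `setname(part, post->name, post->namelength)` call sites in Curl_getformdata(). The removed code passed such a value on as "zero-terminated", and the helper can keep that behaviour with `if(!name || !len || len == CURL_ZERO_TERMINATED) return curl_mime_name(part, name);`. `setname()` is fully inside the hunk; FormAdd() and Curl_getformdata() start and end outside it.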

+ 13 - 31
lib/mime.c

@@ -275,33 +275,25 @@ static void mimesetstate(mime_state *state, enum mimestate tok, void *ptr)
 
 
 /* Escape header string into allocated memory. */
-static char *escape_string(const char *src, size_t len)
+static char *escape_string(const char *src)
 {
-  size_t bytecount;
+  size_t bytecount = 0;
   size_t i;
   char *dst;
 
-  if(len == CURL_ZERO_TERMINATED)
-    len = strlen(src);
-
-  bytecount = len;
-  for(i = 0; i < len; i++)
-    if(src[i] == '"' || src[i] == '\\' || !src[i])
+  for(i = 0; src[i]; i++)
+    if(src[i] == '"' || src[i] == '\\')
       bytecount++;
 
+  bytecount += i;
   dst = malloc(bytecount + 1);
   if(!dst)
     return NULL;
 
-  for(i = 0; len; len--) {
-    char c = *src++;
-
-    if(c == '"' || c == '\\' || !c) {
+  for(i = 0; *src; src++) {
+    if(*src == '"' || *src == '\\')
       dst[i++] = '\\';
-      if(!c)
-        c = '0';
-    }
-    dst[i++] = c;
+    dst[i++] = *src;
   }
 
   dst[i] = '\0';
@@ -1199,26 +1191,18 @@ curl_mimepart *curl_mime_addpart(curl_mime *mime)
 }
 
 /* Set mime part name. */
-CURLcode curl_mime_name(curl_mimepart *part,
-                        const char *name, size_t namesize)
+CURLcode curl_mime_name(curl_mimepart *part, const char *name)
 {
   if(!part)
     return CURLE_BAD_FUNCTION_ARGUMENT;
 
   Curl_safefree(part->name);
   part->name = NULL;
-  part->namesize = 0;
 
   if(name) {
-    if(namesize == CURL_ZERO_TERMINATED)
-      namesize = strlen(name);
-    part->name = malloc(namesize + 1);
+    part->name = strdup(name);
     if(!part->name)
       return CURLE_OUT_OF_MEMORY;
-    if(namesize)
-      memcpy(part->name, name, namesize);
-    part->name[namesize] = '\0';
-    part->namesize = namesize;
   }
 
   return CURLE_OK;
@@ -1656,12 +1640,12 @@ CURLcode Curl_mime_prepare_headers(curl_mimepart *part,
       char *filename = NULL;
 
       if(part->name) {
-        name = escape_string(part->name, part->namesize);
+        name = escape_string(part->name);
         if(!name)
           ret = CURLE_OUT_OF_MEMORY;
       }
       if(!ret && part->filename) {
-        filename = escape_string(part->filename, CURL_ZERO_TERMINATED);
+        filename = escape_string(part->filename);
         if(!filename)
           ret = CURLE_OUT_OF_MEMORY;
       }
@@ -1745,12 +1729,10 @@ curl_mimepart *curl_mime_addpart(curl_mime *mime)
   return NULL;
 }
 
-CURLcode curl_mime_name(curl_mimepart *part,
-                        const char *name, size_t namesize)
+CURLcode curl_mime_name(curl_mimepart *part, const char *name)
 {
   (void) part;
   (void) name;
-  (void) namesize;
   return CURLE_NOT_BUILT_IN;
 }
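Review bot: `escape_string()` now escapes only `"` and `\`, so a CR or LF inside a part name or filename is copied unchanged into what the function's own comment calls a header string. This commit removes the embedded-NUL case, but a line break in an application-supplied name would still reach Curl_mime_prepare_headers() verbatim. How the escaped value is emitted is outside these hunks, so the impact should be confirmed there. Consider rejecting such names in `curl_mime_name()`, e.g. `if(name && strpbrk(name, "\r\n")) return CURLE_BAD_FUNCTION_ARGUMENT;`, or encoding them in `escape_string()`.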
 

+ 0 - 1
lib/mime.h

@@ -111,7 +111,6 @@ struct curl_mimepart_s {
   char *mimetype;                  /* Part mime type. */
   char *filename;                  /* Remote file name. */
   char *name;                      /* Data name. */
-  size_t namesize;                 /* Data name size. */
   curl_off_t datasize;             /* Expected data size. */
   unsigned int flags;              /* Flags. */
   mime_state state;                /* Current readback state. */

+ 1 - 1
src/tool_formparse.c

@@ -733,7 +733,7 @@ int formparse(struct OperationConfig *config,
     }
 
     /* Set part name. */
-    if(name && curl_mime_name(part, name, CURL_ZERO_TERMINATED)) {
+    if(name && curl_mime_name(part, name)) {
       warnf(config->global, "curl_mime_name failed!\n");
       Curl_safefree(contents);
       return 31;

+ 2 - 12
src/tool_setopt.c

@@ -525,20 +525,10 @@ static CURLcode libcurl_generate_mime(curl_mime *mime, int *mimeno)
 
       if(part->name) {
         Curl_safefree(escaped);
-        escaped = c_escape(part->name, part->namesize);
+        escaped = c_escape(part->name, CURL_ZERO_TERMINATED);
         if(!escaped)
           return CURLE_OUT_OF_MEMORY;
-        /* Are there any nul byte in name? */
-        for(cp = part->name; *cp; cp++)
-          ;
-        if(cp != part->name + part->namesize) {
-          size = (curl_off_t) part->namesize;
-          CODE3("curl_mime_name(part%d, \"%s\", %" CURL_FORMAT_CURL_OFF_T ");",
-              *mimeno, escaped, size);
-        }
-        else
-          CODE2("curl_mime_name(part%d, \"%s\", CURL_ZERO_TERMINATED);",
-              *mimeno, escaped);
+        CODE2("curl_mime_name(part%d, \"%s\");", *mimeno, escaped);
       }
 
       if(part->mimetype) {

+ 1 - 1
tests/data/test1135

@@ -33,7 +33,7 @@ CURL_EXTERN int curl_strnequal(const char *s1, const char *s2, size_t n);
 CURL_EXTERN curl_mime *curl_mime_init(CURL *easy);
 CURL_EXTERN void curl_mime_free(curl_mime *mime);
 CURL_EXTERN curl_mimepart *curl_mime_addpart(curl_mime *mime);
-CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part,
+CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part, const char *name);
 CURL_EXTERN CURLcode curl_mime_filename(curl_mimepart *part,
 CURL_EXTERN CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype);
 CURL_EXTERN CURLcode curl_mime_encoder(curl_mimepart *part,

+ 2 - 2
tests/data/test1404

@@ -125,7 +125,7 @@ int main(int argc, char *argv[])
   mime1 = curl_mime_init(hnd);
   part1 = curl_mime_addpart(mime1);
   curl_mime_data(part1, "value", CURL_ZERO_TERMINATED);
-  curl_mime_name(part1, "name", CURL_ZERO_TERMINATED);
+  curl_mime_name(part1, "name");
   part1 = curl_mime_addpart(mime1);
   mime2 = curl_mime_init(hnd);
   part2 = curl_mime_addpart(mime2);
@@ -140,7 +140,7 @@ int main(int argc, char *argv[])
   slist1 = NULL;
   curl_mime_subparts(part1, mime2);
   mime2 = NULL;
-  curl_mime_name(part1, "file", CURL_ZERO_TERMINATED);
+  curl_mime_name(part1, "file");
   curl_easy_setopt(hnd, CURLOPT_MIMEPOST, mime1);
   curl_easy_setopt(hnd, CURLOPT_USERAGENT, "stripped");
   curl_easy_setopt(hnd, CURLOPT_MAXREDIRS, 50L);

+ 6 - 6
tests/libtest/lib643.c

@@ -113,7 +113,7 @@ static int once(char *URL, bool oldstyle)
 
   /* Fill in the file upload part */
   if(oldstyle) {
-    res = curl_mime_name(part, "sendfile", CURL_ZERO_TERMINATED);
+    res = curl_mime_name(part, "sendfile");
     if(!res)
       res = curl_mime_data_cb(part, datasize, read_callback,
                               NULL, NULL, &pooh);
@@ -122,7 +122,7 @@ static int once(char *URL, bool oldstyle)
   }
   else {
     /* new style */
-    res = curl_mime_name(part, "sendfile alternative", CURL_ZERO_TERMINATED);
+    res = curl_mime_name(part, "sendfile alternative");
     if(!res)
       res = curl_mime_data_cb(part, datasize, read_callback,
                               NULL, NULL, &pooh);
@@ -151,7 +151,7 @@ static int once(char *URL, bool oldstyle)
     return TEST_ERR_MAJOR_BAD;
   }
   /* Fill in the file upload part */
-  res = curl_mime_name(part, "callbackdata", CURL_ZERO_TERMINATED);
+  res = curl_mime_name(part, "callbackdata");
   if(!res)
     res = curl_mime_data_cb(part, datasize, read_callback,
                             NULL, NULL, &pooh2);
@@ -169,7 +169,7 @@ static int once(char *URL, bool oldstyle)
   }
 
   /* Fill in the filename field */
-  res = curl_mime_name(part, "filename", CURL_ZERO_TERMINATED);
+  res = curl_mime_name(part, "filename");
   if(!res)
     res = curl_mime_data(part,
 #ifdef CURL_DOES_CONVERSIONS
@@ -193,7 +193,7 @@ static int once(char *URL, bool oldstyle)
     curl_global_cleanup();
     return TEST_ERR_MAJOR_BAD;
   }
-  res = curl_mime_name(part, "submit", CURL_ZERO_TERMINATED);
+  res = curl_mime_name(part, "submit");
   if(!res)
     res = curl_mime_data(part,
 #ifdef CURL_DOES_CONVERSIONS
@@ -216,7 +216,7 @@ static int once(char *URL, bool oldstyle)
     curl_global_cleanup();
     return TEST_ERR_MAJOR_BAD;
   }
-  res = curl_mime_name(part, "somename", CURL_ZERO_TERMINATED);
+  res = curl_mime_name(part, "somename");
   if(!res)
     res = curl_mime_filename(part, "somefile.txt");
   if(!res)