From a5b7e3205d33f08e8c906e0c6337f09df20a0c4a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 19 Apr 2010 16:19:36 +0200 Subject: [PATCH 1/3] Curl_HMAC_MD5: fix the array init to not warn with picky compilers --- lib/md5.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/lib/md5.c b/lib/md5.c index 0908cd8a8..3f715ba9c 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -371,13 +371,15 @@ static void Decode (UINT4 *output, #endif /* USE_GNUTLS */ -const HMAC_params Curl_HMAC_MD5[1] = { - (HMAC_hinit_func) MD5_Init, /* Hash initialization function. */ - (HMAC_hupdate_func) MD5_Update, /* Hash update function. */ - (HMAC_hfinal_func) MD5_Final, /* Hash computation end function. */ - sizeof(MD5_CTX), /* Size of hash context structure. */ - 64, /* Maximum key length. */ - 16 /* Result size. */ +const HMAC_params Curl_HMAC_MD5[] = { + { + (HMAC_hinit_func) MD5_Init, /* Hash initialization function. */ + (HMAC_hupdate_func) MD5_Update, /* Hash update function. */ + (HMAC_hfinal_func) MD5_Final, /* Hash computation end function. */ + sizeof(MD5_CTX), /* Size of hash context structure. */ + 64, /* Maximum key length. */ + 16 /* Result size. */ + } }; From 47dda4a1d43c9341753388ab3babb0d27cf34840 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 19 Apr 2010 17:05:46 +0200 Subject: [PATCH 2/3] parse_filename: strip trailing CRs and LFs The feature that uses the file name given in a Content-disposition: header didn't properly skip trailing carriage returns and linefeed characters from the end of the file name when it was given without quotes. --- src/main.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/src/main.c b/src/main.c index 0670b5f5c..b7e438b1e 100644 --- a/src/main.c +++ b/src/main.c @@ -4200,9 +4200,26 @@ parse_filename(char *ptr, size_t len) } } - q = strrchr(p, quote); - if (q) - *q = 0; + if(quote) { + /* if the file name started with a quote, then scan for the end quote and + stop there */ + q = strrchr(p, quote); + if (q) + *q = 0; + } + else + q = NULL; /* no start quote, so no end has been found */ + + if(!q) { + /* make sure the file name doesn't end in \r or \n */ + q = strchr(p, '\r'); + if(q) + *q = 0; + + q = strchr(p, '\n'); + if(q) + *q = 0; + } if (copy!=p) memmove(copy, p, strlen(p)+1); From e5b3246d0a5c08a3afb0d82c96bb4b5ed1e5e159 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 19 Apr 2010 17:08:27 +0200 Subject: [PATCH 3/3] changelog: -J/--remote-header-name strips CRLF --- CHANGES | 4 ++++ RELEASE-NOTES | 1 + 2 files changed, 5 insertions(+) diff --git a/CHANGES b/CHANGES index dda8a4cbc..919a3d655 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,10 @@ Changelog +Daniel Stenberg (19 Apr 2010) +- -J/--remote-header-name didn't strip trailing carriage returns or linefeeds + properly, so they could be used in the file name. + Daniel Stenberg (16 Apr 2010) - Jerome Vouillon made the GnuTLS SSL handshake phase non-blocking. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 3117bf8b7..e496826f2 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -17,6 +17,7 @@ This release includes the following bugfixes: o detect GSS on ancient Linux distros o GnuTLS: EOF caused error when it wasn't o GnuTLS: SSL handshake phase is non-blocking + o -J/--remote-header-name strips CRLF This release includes the following known bugs: