1769307 – curl fails while attempting to POST a char device

Bug 1769307 - curl fails while attempting to POST a char device

Summary: curl fails while attempting to POST a char device

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	curl
Sub Component:
Version:	7.7
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	medium
Target Milestone:	pre-dev-freeze
Target Release:	7.8
Assignee:	Kamil Dudka
QA Contact:	Daniel Rusek
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1780029
TreeView+	depends on / blocked

Reported:	2019-11-06 11:07 UTC by Christophe Besson
Modified:	2020-03-31 19:38 UTC (History)
CC List:	3 users (show)
Fixed In Version:	curl-7.29.0-57.el7
Doc Type:	Bug Fix
Doc Text:	Cause: The check for uploaded file in libcurl was overly strict. Consequence: libcurl was not able to upload content of char devices. Fix: The check for uploaded file in libcurl has been relaxed. Result: libcurl is now able to upload content of char devices.
Clone Of:
Clones:	1780029 (view as bug list)
Environment:
Last Closed:	2020-03-31 19:38:40 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	curl/curl/commit/26eaa8383001219e7cd14a153dff95ea9274be6e	None	None	None	2020-06-09 07:13:57 UTC
Red Hat Knowledge Base (Solution)	4558021	None	None	None	2019-11-06 12:11:39 UTC
Red Hat Product Errata	RHSA-2020:1020	None	None	None	2020-03-31 19:38:54 UTC

Description Christophe Besson 2019-11-06 11:07:17 UTC

Description of problem:
Between curl 7.19 (RHEL 6) and curl 7.29 (RHEL 7), a patch has been added to prevent a user to POST a directory. This also prevents to POST a char device.

curl: (43) A libcurl function was given a bad argument

Version-Release number of selected component (if applicable):
curl-7.29.0-54.el7.x86_64

How reproducible:
curl --form content="@/dev/null" http://form.example.org

Actual results:
curl: (43) A libcurl function was given a bad argument

Expected results:
Should work like on RHEL6, or on RHEL8 (but this part of code has been refactored in this release [7.61]).

Additional info:
An upstream patch which has been merged on the 7.29 version should fixes the issue.

https://github.com/curl/curl/commit/26eaa8383001219e7cd14a153dff95ea9274be6e

Comment 2 Kamil Dudka 2019-11-06 11:22:59 UTC

Thanks for the link!  This should be safe to backport for RHEL-7.

Comment 3 Christophe Besson 2019-11-06 11:41:52 UTC

Just to confirm I just tried a backport and it works for me.

Comment 15 errata-xmlrpc 2020-03-31 19:38:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1020

Note You need to log in before you can comment on or make changes to this bug.