From 61788a0389962ecf22b3711b142a1e6783359bf1 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 4 Apr 2003 12:24:01 +0000
Subject: [PATCH] Changed how boundary strings are generated. This new way uses
 28 dashes and 12 following hexadecimal letters, which seems to be what IE
 uses. This makes curl work smoother with more stupidly written server apps.

Worked this out together with Martijn Broenland.
---
 lib/formdata.c | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/lib/formdata.c b/lib/formdata.c
index 5e961440ae..46dd454fa2 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -128,11 +128,8 @@ Content-Disposition: form-data; name="FILECONTENT"
 #include "memdebug.h"
 #endif
 
-/* Length of the random boundary string. The risk of this being used
-   in binary data is very close to zero, 64^32 makes
-   6277101735386680763835789423207666416102355444464034512896
-   combinations... */
-#define BOUNDARY_LENGTH 32
+/* Length of the random boundary string. */
+#define BOUNDARY_LENGTH 40
 
 /* What kind of Content-Type to use on un-specified files with unrecognized
    extensions. */
@@ -1049,22 +1046,23 @@ char *Curl_FormBoundary(void)
 			      the same form won't be identical */
   int i;
 
-  static char table62[]=
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  static char table16[]="abcdef0123456789";
 
-  retstring = (char *)malloc(BOUNDARY_LENGTH);
+  retstring = (char *)malloc(BOUNDARY_LENGTH+1);
 
   if(!retstring)
     return NULL; /* failed */
 
   srand(time(NULL)+randomizer++); /* seed */
 
-  strcpy(retstring, "curl"); /* bonus commercials 8*) */
+  strcpy(retstring, "----------------------------");
 
-  for(i=4; i<(BOUNDARY_LENGTH-1); i++) {
-    retstring[i] = table62[rand()%62];
-  }
-  retstring[BOUNDARY_LENGTH-1]=0; /* zero terminate */
+  for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++)
+    retstring[i] = table16[rand()%16];
+
+  /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416)
+     combinations */
+  retstring[BOUNDARY_LENGTH]=0; /* zero terminate */
 
   return retstring;
 }
-- 
GitLab