Changed how boundary strings are generated. This new way uses 28 dashes

and 12 following hexadecimal letters, which seems to be what IE uses.
This makes curl work smoother with more stupidly written server apps.

Worked this out together with Martijn Broenland.

diff --git a/lib/formdata.c b/lib/formdata.c
index 5e961440aee47face19645fe6aa905967dafb15e..46dd454fa2f19fa61eaf3ad91c6fca11bcda3ec6 100644 (file)
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -128,11 +128,8 @@ Content-Disposition: form-data; name="FILECONTENT"
 #include "memdebug.h"
 #endif
 
-/* Length of the random boundary string. The risk of this being used
-   in binary data is very close to zero, 64^32 makes
-   6277101735386680763835789423207666416102355444464034512896
-   combinations... */
-#define BOUNDARY_LENGTH 32
+/* Length of the random boundary string. */
+#define BOUNDARY_LENGTH 40
 
 /* What kind of Content-Type to use on un-specified files with unrecognized
    extensions. */
@@ -1049,22 +1046,23 @@ char *Curl_FormBoundary(void)
                              the same form won't be identical */
   int i;
 
-  static char table62[]=
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+  static char table16[]="abcdef0123456789";
 
-  retstring = (char *)malloc(BOUNDARY_LENGTH);
+  retstring = (char *)malloc(BOUNDARY_LENGTH+1);
 
   if(!retstring)
     return NULL; /* failed */
 
   srand(time(NULL)+randomizer++); /* seed */
 
-  strcpy(retstring, "curl"); /* bonus commercials 8*) */
+  strcpy(retstring, "----------------------------");
 
-  for(i=4; i<(BOUNDARY_LENGTH-1); i++) {
-    retstring[i] = table62[rand()%62];
-  }
-  retstring[BOUNDARY_LENGTH-1]=0; /* zero terminate */
+  for(i=strlen(retstring); i<BOUNDARY_LENGTH; i++)
+    retstring[i] = table16[rand()%16];
+
+  /* 28 dashes and 12 hexadecimal digits makes 12^16 (184884258895036416)
+     combinations */
+  retstring[BOUNDARY_LENGTH]=0; /* zero terminate */
 
   return retstring;
 }