From f4a761fb66512fff59798765e8ac5b9e57dceef0 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 27 Dec 2024 18:00:39 -0600
Subject: [PATCH] soup_message_headers_get_content_disposition: strdup
 truncated filenames

This table frees the strings it contains.

Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0]
CVE: CVE-2025-32911 CVE-2025-32913
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 libsoup/soup-message-headers.c | 2 +-
 tests/header-parsing-test.c    | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c
index 04f4c302..ee7a3cb1 100644
--- a/libsoup/soup-message-headers.c
+++ b/libsoup/soup-message-headers.c
@@ -1664,7 +1664,7 @@ soup_message_headers_get_content_disposition (SoupMessageHeaders  *hdrs,
                         char *filename = strrchr (orig_value, '/');
 
                         if (filename)
-                                g_hash_table_insert (*params, g_strdup (orig_key), filename + 1);
+                                g_hash_table_insert (*params, g_strdup (orig_key), g_strdup (filename + 1));
                 } else {
                         /* filename with no value isn't valid. */
                         g_hash_table_remove (*params, "filename");
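Review bot: The reason for the copy is recorded only in the commit message, so the changed `g_hash_table_insert` line should carry a comment such as `/* *params frees its values: store a copy, because this insert releases orig_value, which filename points into. */`. The ordering is what makes the fix safe: `g_strdup (filename + 1)` is evaluated before the insert runs, so the copy is taken while `orig_value` is still live (the table's destroy functions are not visible in this hunk, so this is presumed from the commit message). A value that ends in '/' stores an empty string as the filename here; whether callers treat an empty filename as valid cannot be seen from these lines, and a guard like `if (filename && filename[1] != '\0')` may be wanted. The test hunk in this patch only adds `g_free (disposition);`, and no visible case exercises a filename containing '/', so a regression case for this branch (run under a memory checker) would pin the fix. The enclosing function starts and ends outside the hunk.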
diff --git a/tests/header-parsing-test.c b/tests/header-parsing-test.c
index d0b360c8..07ea2866 100644
--- a/tests/header-parsing-test.c
+++ b/tests/header-parsing-test.c
@@ -1150,6 +1150,7 @@ do_content_disposition_tests (void)
 		soup_test_assert (FALSE, "empty filename decoding FAILED");
 		return;
 	}
+        g_free (disposition);
         g_assert_false (g_hash_table_contains (params, "filename"));
 	g_hash_table_destroy (params);
 
-- 
GitLab

