1From a64e3e59938abd7d667e4470a18072a24d7e9de9 Mon Sep 17 00:00:00 2001 2From: Daniel Stenberg <daniel@haxx.se> 3Date: Thu, 15 Sep 2022 09:22:45 +0200 4Subject: [PATCH] setopt: when POST is set, reset the 'upload' field 5 6Reported-by: RobBotic1 on github 7Fixes #9507 8Closes #9511 9 10CVE: CVE-2022-32221 11Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9] 12Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> 13--- 14 lib/setopt.c | 1 + 15 1 file changed, 1 insertion(+) 16 17diff --git a/lib/setopt.c b/lib/setopt.c 18index 03c4efdbf1e58..7289a4e78bdd0 100644 19--- a/lib/setopt.c 20+++ b/lib/setopt.c 21@@ -700,6 +700,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) 22 } 23 else 24 data->set.method = HTTPREQ_GET; 25+ data->set.upload = FALSE; 26 break; 27 28 case CURLOPT_HTTPPOST: 29