From: Robert W. Van Kirk <robert@rwvk.tech>
Date: Sat, 6 Dec 2025 18:00:00 +0000 (-0600)
Subject: formdata: validate callback is non-NULL before use
X-Git-Tag: rc-8_18_0-2~115
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c0822e8cb4ba96e4bf555d4c46bcae1d85ca343;p=thirdparty%2Fcurl.git

formdata: validate callback is non-NULL before use

curl_formget() accepts a user-provided callback function but does not
validate it is non-NULL before calling it. If a caller passes NULL,
the function will crash with SIGSEGV.

Add NULL check at the start of the function to return an appropriate
error code instead of crashing.

Signed-off-by: Robert W. Van Kirk <robert@rwvk.tech>
Closes #19858
---

diff --git a/lib/formdata.c b/lib/formdata.c
index b0c57b8d6f..8f95fc3df0 100644
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -636,6 +636,10 @@ int curl_formget(struct curl_httppost *form, void *arg,
   CURLcode result;
   curl_mimepart toppart;
 
+  /* Validate callback is provided */
+  if(!append)
+    return (int)CURLE_BAD_FUNCTION_ARGUMENT;
+
   Curl_mime_initpart(&toppart); /* default form is empty */
   result = Curl_getformdata(NULL, &toppart, form, NULL);
   if(!result)