1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 15:48:49 -05:00

Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't

send the whole request at once, even though the Expect: header was disabled
by the application. An effect of this change is also that small (< 1024
bytes) POSTs are now always sent without Expect: header since we deem it
more costly to bother about that than the risk that we send the data in
vain.
This commit is contained in:
Daniel Stenberg 2006-08-18 22:54:57 +00:00
parent 839441e236
commit 490cccba3c
8 changed files with 32 additions and 24 deletions

10
CHANGES
View File

@ -6,6 +6,14 @@
Changelog
Daniel (19 August 2006)
- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
send the whole request at once, even though the Expect: header was disabled
by the application. An effect of this change is also that small (< 1024
bytes) POSTs are now always sent without Expect: header since we deem it
more costly to bother about that than the risk that we send the data in
vain.
Daniel (9 August 2006)
- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when
CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place
@ -13,7 +21,7 @@ Daniel (9 August 2006)
transfer.
Daniel (8 August 2006)
- - Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs
- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs
on a persistent connection and allowed the first to use that header, you
could not disable it for the second request.

View File

@ -29,6 +29,6 @@ New curl mirrors:
This release would not have looked like this without help, code, reports and
advice from friends like these:
Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse
Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse, Andrew Biggs
Thanks! (and sorry if I forgot to mention someone)

View File

@ -2249,16 +2249,24 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
if(data->set.postfields) {
if((data->state.authhost.done || data->state.authproxy.done )
&& (postsize < MAX_INITIAL_POST_SIZE)) {
/* If we're not done with the authentication phase, we don't expect
to actually send off any data yet. Hence, we delay the sending of
the body until we receive that friendly 100-continue response */
/* for really small posts we don't use Expect: headers at all, and for
the somewhat bigger ones we allow the app to disable it */
if(postsize > TINY_INITIAL_POST_SIZE) {
result = expect100(data, req_buffer);
if(result)
return result;
}
else
data->state.expect100header = FALSE;
/* The post data is less than MAX_INITIAL_PORT_SIZE, then append it
to the header. This limit is no magic limit but only set to
prevent really huge POSTs to get the data duplicated with
malloc() and family. */
if(!data->state.expect100header &&
(postsize < MAX_INITIAL_POST_SIZE)) {
/* if we don't use expect:-100 AND
postsize is less than MAX_INITIAL_POST_SIZE
then append the post data to the HTTP request header. This limit
is no magic limit but only set to prevent really huge POSTs to
get the data duplicated with malloc() and family. */
result = add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
if(result)
@ -2297,18 +2305,10 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
/* set the upload size to the progress meter */
Curl_pgrsSetUploadSize(data, http->postsize);
result = expect100(data, req_buffer);
if(result)
return result;
add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
}
}
else {
result = expect100(data, req_buffer);
if(result)
return result;
add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
if(data->set.postfieldsize) {

View File

@ -74,7 +74,11 @@ int Curl_http_should_fail(struct connectdata *conn);
It must not be greater than 64K to work on VMS.
*/
#ifndef MAX_INITIAL_POST_SIZE
#define MAX_INITIAL_POST_SIZE 1024
#define MAX_INITIAL_POST_SIZE (64*1024)
#endif
#ifndef TINY_INITIAL_POST_SIZE
#define TINY_INITIAL_POST_SIZE 1024
#endif
#endif

View File

@ -39,7 +39,6 @@ Host: 127.0.0.1:%HTTPPORT
Accept: */*
Content-Length: 45
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
this is what we post to the silly web server
</protocol>

View File

@ -39,7 +39,6 @@ Host: 127.0.0.1:%HTTPPORT
Accept: */*
Transfer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
3
one

View File

@ -30,7 +30,6 @@ Host: 127.0.0.1:%HTTPPORT
Accept: */*
Content-Length: 1
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
</protocol>
# 42 - aborted by callback

View File

@ -40,7 +40,6 @@ Host: 127.0.0.1:%HTTPPORT
Accept: */*
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
</protocol>
</verify>