mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 15:48:49 -05:00
Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
send the whole request at once, even though the Expect: header was disabled by the application. An effect of this change is also that small (< 1024 bytes) POSTs are now always sent without Expect: header since we deem it more costly to bother about that than the risk that we send the data in vain.
This commit is contained in:
parent
839441e236
commit
490cccba3c
10
CHANGES
10
CHANGES
@ -6,6 +6,14 @@
|
||||
|
||||
Changelog
|
||||
|
||||
Daniel (19 August 2006)
|
||||
- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
|
||||
send the whole request at once, even though the Expect: header was disabled
|
||||
by the application. An effect of this change is also that small (< 1024
|
||||
bytes) POSTs are now always sent without Expect: header since we deem it
|
||||
more costly to bother about that than the risk that we send the data in
|
||||
vain.
|
||||
|
||||
Daniel (9 August 2006)
|
||||
- Armel Asselin made the CURLOPT_PREQUOTE option work fine even when
|
||||
CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place
|
||||
@ -13,7 +21,7 @@ Daniel (9 August 2006)
|
||||
transfer.
|
||||
|
||||
Daniel (8 August 2006)
|
||||
- - Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs
|
||||
- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs
|
||||
on a persistent connection and allowed the first to use that header, you
|
||||
could not disable it for the second request.
|
||||
|
||||
|
@ -29,6 +29,6 @@ New curl mirrors:
|
||||
This release would not have looked like this without help, code, reports and
|
||||
advice from friends like these:
|
||||
|
||||
Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse
|
||||
Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse, Andrew Biggs
|
||||
|
||||
Thanks! (and sorry if I forgot to mention someone)
|
||||
|
34
lib/http.c
34
lib/http.c
@ -2249,16 +2249,24 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
|
||||
|
||||
if(data->set.postfields) {
|
||||
|
||||
if((data->state.authhost.done || data->state.authproxy.done )
|
||||
&& (postsize < MAX_INITIAL_POST_SIZE)) {
|
||||
/* If we're not done with the authentication phase, we don't expect
|
||||
to actually send off any data yet. Hence, we delay the sending of
|
||||
the body until we receive that friendly 100-continue response */
|
||||
/* for really small posts we don't use Expect: headers at all, and for
|
||||
the somewhat bigger ones we allow the app to disable it */
|
||||
if(postsize > TINY_INITIAL_POST_SIZE) {
|
||||
result = expect100(data, req_buffer);
|
||||
if(result)
|
||||
return result;
|
||||
}
|
||||
else
|
||||
data->state.expect100header = FALSE;
|
||||
|
||||
/* The post data is less than MAX_INITIAL_PORT_SIZE, then append it
|
||||
to the header. This limit is no magic limit but only set to
|
||||
prevent really huge POSTs to get the data duplicated with
|
||||
malloc() and family. */
|
||||
if(!data->state.expect100header &&
|
||||
(postsize < MAX_INITIAL_POST_SIZE)) {
|
||||
/* if we don't use expect:-100 AND
|
||||
postsize is less than MAX_INITIAL_POST_SIZE
|
||||
|
||||
then append the post data to the HTTP request header. This limit
|
||||
is no magic limit but only set to prevent really huge POSTs to
|
||||
get the data duplicated with malloc() and family. */
|
||||
|
||||
result = add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
|
||||
if(result)
|
||||
@ -2297,18 +2305,10 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
|
||||
/* set the upload size to the progress meter */
|
||||
Curl_pgrsSetUploadSize(data, http->postsize);
|
||||
|
||||
result = expect100(data, req_buffer);
|
||||
if(result)
|
||||
return result;
|
||||
|
||||
add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
|
||||
}
|
||||
}
|
||||
else {
|
||||
result = expect100(data, req_buffer);
|
||||
if(result)
|
||||
return result;
|
||||
|
||||
add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
|
||||
|
||||
if(data->set.postfieldsize) {
|
||||
|
@ -74,7 +74,11 @@ int Curl_http_should_fail(struct connectdata *conn);
|
||||
It must not be greater than 64K to work on VMS.
|
||||
*/
|
||||
#ifndef MAX_INITIAL_POST_SIZE
|
||||
#define MAX_INITIAL_POST_SIZE 1024
|
||||
#define MAX_INITIAL_POST_SIZE (64*1024)
|
||||
#endif
|
||||
|
||||
#ifndef TINY_INITIAL_POST_SIZE
|
||||
#define TINY_INITIAL_POST_SIZE 1024
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
@ -39,7 +39,6 @@ Host: 127.0.0.1:%HTTPPORT
|
||||
Accept: */*
|
||||
Content-Length: 45
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Expect: 100-continue
|
||||
|
||||
this is what we post to the silly web server
|
||||
</protocol>
|
||||
|
@ -39,7 +39,6 @@ Host: 127.0.0.1:%HTTPPORT
|
||||
Accept: */*
|
||||
Transfer-Encoding: chunked
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Expect: 100-continue
|
||||
|
||||
3
|
||||
one
|
||||
|
@ -30,7 +30,6 @@ Host: 127.0.0.1:%HTTPPORT
|
||||
Accept: */*
|
||||
Content-Length: 1
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Expect: 100-continue
|
||||
|
||||
</protocol>
|
||||
# 42 - aborted by callback
|
||||
|
@ -40,7 +40,6 @@ Host: 127.0.0.1:%HTTPPORT
|
||||
Accept: */*
|
||||
Content-Length: 0
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Expect: 100-continue
|
||||
|
||||
</protocol>
|
||||
</verify>
|
||||
|
Loading…
Reference in New Issue
Block a user