Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the

case when 401 or 407 are returned, *IF* no auth credentials have been given.
The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401
and 407 cases when auth credentials is given, but we've now covered this
somewhat more.

You might get some amounts of headers transferred before this situation is
detected, like for when a "100-continue" is received as a response to a
POST/PUT and a 401 or 407 is received immediately afterwards.

Added test 281 to verify this change.

CHANGES

@@ -6,6 +6,19 @@
 
                                   Changelog
 
+Daniel (25 October 2006)
+- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the
+  case when 401 or 407 are returned, *IF* no auth credentials have been given.
+  The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401
+  and 407 cases when auth credentials is given, but we've now covered this
+  somewhat more.
+
+  You might get some amounts of headers transferred before this situation is
+  detected, like for when a "100-continue" is received as a response to a
+  POST/PUT and a 401 or 407 is received immediately afterwards.
+
+  Added test 281 to verify this change.
+
 Daniel (23 October 2006)
 - Ravi Pratap provided a major update with pipelining fixes. We also no longer
   re-use connections (for pipelining) before the name resolving is done.

RELEASE-NOTES

@@ -12,9 +12,9 @@ Curl and libcurl 7.16.0
 This release includes the following changes:
  
  o Added CURLE_SSL_CACERT_BADFILE
- o Added CURLMOPT_TIMERFUNCTION
- o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line
-   options
+ o Added CURLMOPT_TIMERFUNCTION and CURLMOPT_TIMERDATA
+ o (FTP) the CURLOPT_SOURCE_* options are removed and so are the --3p* command
+   line options
  o curl_multi_socket() and family are suitable to start using
  o uses WSAPoll() on Windows Vista
  o (FTP) --ftp-ssl-control was added
@@ -28,6 +28,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o (HTTP) CURLOPT_FAILONERROR (curl -f) covers a few more reponse cases
  o curl_multi_socket() and the LOW_SPEED options
  o curl_multi_socket() expire timer during c-ares name resolves
  o curl_multi_add_handle on an already added handle now fails gracefully

docs/curl.1

@@ -359,6 +359,10 @@ normal cases when a HTTP server fails to deliver a document, it returns an
 HTML document stating so (which often also describes why and more). This flag
 will prevent curl from outputting that and return error 22.
 
+This method is not fail-safe and there are occasions where non-succesful
+response codes will slip through, especially when authentication is involved
+(response codes 401 and 407).
+
 If this option is used twice, the second will again disable silent failure.
 .IP "--ftp-account [data]"
 (FTP) When an FTP server asks for "account data" after user name and password

docs/libcurl/curl_easy_setopt.3

@@ -344,6 +344,14 @@ when showing the progress meter and displaying \fICURLOPT_VERBOSE\fP data.
 A non-zero parameter tells the library to fail silently if the HTTP code
 returned is equal to or larger than 400. The default action would be to return
 the page normally, ignoring that code.
+
+This method is not fail-safe and there are occasions where non-succesful
+response codes will slip through, especially when authentication is involved
+(response codes 401 and 407).
+
+You might get some amounts of headers transferred before this situation is
+detected, like for when a "100-continue" is received as a response to a
+POST/PUT and a 401 or 407 is received immediately afterwards.
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
 The actual URL to deal with. The parameter should be a char * to a zero

lib/transfer.c

@@ -675,10 +675,9 @@ CURLcode Curl_readwrite(struct connectdata *conn,
                  * depending on how authentication is working.  Other codes
                  * are definitely errors, so give up here.
                  */
-                if (data->set.http_fail_on_error &&
-                    (k->httpcode >= 400) &&
-                    (k->httpcode != 401) &&
-                    (k->httpcode != 407)) {
+                if (data->set.http_fail_on_error && (k->httpcode >= 400) &&
+                    ((k->httpcode != 401) || !data->set.userpwd) &&
+                    ((k->httpcode != 407) || !data->set.proxyuserpwd) ) {
 
                   if (data->reqdata.resume_from &&
                       (data->set.httpreq==HTTPREQ_GET) &&

tests/data/Makefile.am

@@ -36,4 +36,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
  test265 test266 test267 test268 test269 test270 test271 test272 test273   \
  test274 test275 test524 test525 test276 test277 test526 test527 test528   \
  test530 DISABLED test278 test279 test531 test280 test529 test532 test533  \
- test534 test535
+ test534 test535 test281

tests/data/test281

@@ -0,0 +1,63 @@
+<info>
+<keywords>
+HTTP
+HTTP PUT
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 100 Continue
+
+HTTP/1.1 401 Bad Auth swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+WWW-Authenticate: Basic Realm=authenticate
+Server: test-server/fake
+</data>
+<datacheck>
+HTTP/1.1 100 Continue
+
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP PUT from file with 100 + 401 responses and -f without auth given
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/281 -f -T log/test281.txt
+</command>
+<file name="log/test281.txt">
+Weird
+     file
+         to
+   upload
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+22
+</errorcode>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+PUT /we/want/281 HTTP/1.1
+Host: 127.0.0.1:%HTTPPORT
+Accept: */*
+Content-Length: 38
+Expect: 100-continue
+
+Weird
+     file
+         to
+   upload
+</protocol>
+</verify>