From cde5e35d9b046b224c64936c432d67c9de8bcc9e Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 25 Oct 2006 20:40:14 +0000
Subject: [PATCH] Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR
 even for the case when 401 or 407 are returned, *IF* no auth credentials have
 been given. The CURLOPT_FAILONERROR option is not possible to make fool-proof
 for 401 and 407 cases when auth credentials is given, but we've now covered
 this somewhat more.

You might get some amounts of headers transferred before this situation is
detected, like for when a "100-continue" is received as a response to a
POST/PUT and a 401 or 407 is received immediately afterwards.

Added test 281 to verify this change.
---
 CHANGES                         | 13 +++++++
 RELEASE-NOTES                   |  7 ++--
 docs/curl.1                     |  4 +++
 docs/libcurl/curl_easy_setopt.3 |  8 +++++
 lib/transfer.c                  |  7 ++--
 tests/data/Makefile.am          |  2 +-
 tests/data/test281              | 63 +++++++++++++++++++++++++++++++++
 7 files changed, 96 insertions(+), 8 deletions(-)
 create mode 100644 tests/data/test281

diff --git a/CHANGES b/CHANGES
index 6199e9c8e..462841d2c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,19 @@
 
                                   Changelog
 
+Daniel (25 October 2006)
+- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the
+  case when 401 or 407 are returned, *IF* no auth credentials have been given.
+  The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401
+  and 407 cases when auth credentials is given, but we've now covered this
+  somewhat more.
+
+  You might get some amounts of headers transferred before this situation is
+  detected, like for when a "100-continue" is received as a response to a
+  POST/PUT and a 401 or 407 is received immediately afterwards.
+
+  Added test 281 to verify this change.
+
 Daniel (23 October 2006)
 - Ravi Pratap provided a major update with pipelining fixes. We also no longer
   re-use connections (for pipelining) before the name resolving is done.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 0f879182c..e2b9c1ba5 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -12,9 +12,9 @@ Curl and libcurl 7.16.0
 This release includes the following changes:
  
  o Added CURLE_SSL_CACERT_BADFILE
- o Added CURLMOPT_TIMERFUNCTION
- o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line
-   options
+ o Added CURLMOPT_TIMERFUNCTION and CURLMOPT_TIMERDATA
+ o (FTP) the CURLOPT_SOURCE_* options are removed and so are the --3p* command
+   line options
  o curl_multi_socket() and family are suitable to start using
  o uses WSAPoll() on Windows Vista
  o (FTP) --ftp-ssl-control was added
@@ -28,6 +28,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o (HTTP) CURLOPT_FAILONERROR (curl -f) covers a few more reponse cases
  o curl_multi_socket() and the LOW_SPEED options
  o curl_multi_socket() expire timer during c-ares name resolves
  o curl_multi_add_handle on an already added handle now fails gracefully
diff --git a/docs/curl.1 b/docs/curl.1
index 24471d517..1305901b0 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -359,6 +359,10 @@ normal cases when a HTTP server fails to deliver a document, it returns an
 HTML document stating so (which often also describes why and more). This flag
 will prevent curl from outputting that and return error 22.
 
+This method is not fail-safe and there are occasions where non-succesful
+response codes will slip through, especially when authentication is involved
+(response codes 401 and 407).
+
 If this option is used twice, the second will again disable silent failure.
 .IP "--ftp-account [data]"
 (FTP) When an FTP server asks for "account data" after user name and password
diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3
index 141323cf6..40ec28826 100644
--- a/docs/libcurl/curl_easy_setopt.3
+++ b/docs/libcurl/curl_easy_setopt.3
@@ -344,6 +344,14 @@ when showing the progress meter and displaying \fICURLOPT_VERBOSE\fP data.
 A non-zero parameter tells the library to fail silently if the HTTP code
 returned is equal to or larger than 400. The default action would be to return
 the page normally, ignoring that code.
+
+This method is not fail-safe and there are occasions where non-succesful
+response codes will slip through, especially when authentication is involved
+(response codes 401 and 407).
+
+You might get some amounts of headers transferred before this situation is
+detected, like for when a "100-continue" is received as a response to a
+POST/PUT and a 401 or 407 is received immediately afterwards.
 .SH NETWORK OPTIONS
 .IP CURLOPT_URL
 The actual URL to deal with. The parameter should be a char * to a zero
diff --git a/lib/transfer.c b/lib/transfer.c
index 300b8e9f6..28e3fe476 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -675,10 +675,9 @@ CURLcode Curl_readwrite(struct connectdata *conn,
                  * depending on how authentication is working.  Other codes
                  * are definitely errors, so give up here.
                  */
-                if (data->set.http_fail_on_error &&
-                    (k->httpcode >= 400) &&
-                    (k->httpcode != 401) &&
-                    (k->httpcode != 407)) {
+                if (data->set.http_fail_on_error && (k->httpcode >= 400) &&
+                    ((k->httpcode != 401) || !data->set.userpwd) &&
+                    ((k->httpcode != 407) || !data->set.proxyuserpwd) ) {
 
                   if (data->reqdata.resume_from &&
                       (data->set.httpreq==HTTPREQ_GET) &&
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index ffb392f01..62edee1b6 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -36,4 +36,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
  test265 test266 test267 test268 test269 test270 test271 test272 test273   \
  test274 test275 test524 test525 test276 test277 test526 test527 test528   \
  test530 DISABLED test278 test279 test531 test280 test529 test532 test533  \
- test534 test535
+ test534 test535 test281
diff --git a/tests/data/test281 b/tests/data/test281
new file mode 100644
index 000000000..ffbebbe66
--- /dev/null
+++ b/tests/data/test281
@@ -0,0 +1,63 @@
+<info>
+<keywords>
+HTTP
+HTTP PUT
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 100 Continue
+
+HTTP/1.1 401 Bad Auth swsclose
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+WWW-Authenticate: Basic Realm=authenticate
+Server: test-server/fake
+</data>
+<datacheck>
+HTTP/1.1 100 Continue
+
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP PUT from file with 100 + 401 responses and -f without auth given
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/we/want/281 -f -T log/test281.txt
+</command>
+<file name="log/test281.txt">
+Weird
+     file
+         to
+   upload
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<errorcode>
+22
+</errorcode>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+PUT /we/want/281 HTTP/1.1
+Host: 127.0.0.1:%HTTPPORT
+Accept: */*
+Content-Length: 38
+Expect: 100-continue
+
+Weird
+     file
+         to
+   upload
+</protocol>
+</verify>