- Ben Van Hof filed bug report #1945240: "libcurl sometimes sends body twice

when using CURL_AUTH_ANY" (http://curl.haxx.se/bug/view.cgi?id=1945240).
  The problem was that when libcurl rewound a stream meant for upload when it
  would prepare for a second request, it could accidentally continue the
  sending of the rewound data on the first request instead of on the second.
  Ben also provided test case 1030 that verifies this fix.

CHANGES

@@ -7,6 +7,14 @@
                                   Changelog
 
 
+Daniel Stenberg (3 May 2008)
+- Ben Van Hof filed bug report #1945240: "libcurl sometimes sends body twice
+  when using CURL_AUTH_ANY" (http://curl.haxx.se/bug/view.cgi?id=1945240).
+  The problem was that when libcurl rewound a stream meant for upload when it
+  would prepare for a second request, it could accidentally continue the
+  sending of the rewound data on the first request instead of on the second.
+  Ben also provided test case 1030 that verifies this fix.
+
 Daniel Stenberg (3 May 2008)
 - Jean-Francois Bertrand reported a libcurl crash with CURLOPT_TCP_NODELAY
   since libcurl used getprotobyname() and that isn't thread-safe. We now

RELEASE-NOTES

@@ -28,6 +28,7 @@ This release includes the following bugfixes:
    circumstances (found when using curlftpfs)
  o CURLOPT_OPENSOCKETFUNCTION can now be used to create a unix domain socket
  o CURLOPT_TCP_NODELAY crash due to getprotobyname() use
+ o libcurl sometimes sent body twice when using CURLAUTH_ANY
 
 This release includes the following known bugs:
 
@@ -48,6 +49,6 @@ advice from friends like these:
 
  Michal Marek, Daniel Fandrich, Scott Barrett, Alexey Simak, Daniel Black,
  Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi, Stefan Krause,
- David Shaw, Norbert Frese, Bart Whiteley, Jean-Francois Bertrand
+ David Shaw, Norbert Frese, Bart Whiteley, Jean-Francois Bertrand, Ben Van Hof
 
         Thanks! (and sorry if I forgot to mention someone)

lib/transfer.c

@@ -228,9 +228,9 @@ checkhttpprefix(struct SessionHandle *data,
 }
 
 /*
- * Curl_readrewind() rewinds the read stream. This typically (so far) only
- * used for HTTP POST/PUT with multi-pass authentication when a sending was
- * denied and a resend is necessary.
+ * Curl_readrewind() rewinds the read stream. This is typically used for HTTP
+ * POST/PUT with multi-pass authentication when a sending was denied and a
+ * resend is necessary.
  */
 CURLcode Curl_readrewind(struct connectdata *conn)
 {
@@ -238,6 +238,11 @@ CURLcode Curl_readrewind(struct connectdata *conn)
 
   conn->bits.rewindaftersend = FALSE; /* we rewind now */
 
+  /* explicitly switch of sending data on this transfer now since we are about
+     to restart a new transfer and thus we want to avoid inadvertently sending
+     more data on the existing connection until the next request starts */
+  data->req.keepon &= ~KEEP_WRITE;
+
   /* We have sent away data. If not using CURLOPT_POSTFIELDS or
      CURLOPT_HTTPPOST, call app to rewind
   */

tests/data/Makefile.am

@@ -50,7 +50,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
  test551 test552 test1016 test1017 test1018 test1019 test1020 test553      \
  test1021 test1022 test1023 test309 test616 test617 test618 test619        \
  test620 test621 test622 test623 test624 test625 test626 test627 test554   \
- test1024 test1025 test555 test1026 test1027 test1028 test1029
+ test1024 test1025 test555 test1026 test1027 test1028 test1029 test1030
 
 filecheck:
 	@mkdir test-place; \

tests/data/test1030

@@ -0,0 +1,109 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP PUT
+HTTP Digest auth
+--anyauth
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data>
+HTTP/1.1 401 Authorization Required
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
+Content-Length: 26
+Content-Type: text/html; charset=iso-8859-1
+
+This is not the real page
+</data>
+
+# This is supposed to be returned when the server gets a
+# Authorization: Digest line passed-in from the client
+<data1000>
+HTTP/1.1 200 OK
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+Connection: close
+
+This IS the real page!
+</data1000>
+
+<datacheck>
+HTTP/1.1 401 Authorization Required
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Blackmagic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Basic realm="gimme all yer s3cr3ts"
+WWW-Authenticate: Digest realm="gimme all yer s3cr3ts", nonce="11223344"
+Content-Length: 26
+Content-Type: text/html; charset=iso-8859-1
+
+HTTP/1.1 200 OK
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+Connection: close
+
+This IS the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+crypto
+</features>
+ <name>
+HTTP PUT with --anyauth authorization (picking Digest)
+ </name>
+ <command>
+http://%HOSTIP:%HTTPPORT/1030 -T log/put1030 -u testuser:testpass --anyauth
+</command>
+<file name="log/put1030">
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+PUT /1030 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 85
+Expect: 100-continue
+
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+PUT /1030 HTTP/1.1
+Authorization: Digest username="testuser", realm="gimme all yer s3cr3ts", nonce="11223344", uri="/1030", response="01cb59db1ddaac246b072d5f5f0716d9"
+User-Agent: curl/7.10.5 (i686-pc-linux-gnu) libcurl/7.10.5 OpenSSL/0.9.7a ipv6 zlib/1.1.3
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+Content-Length: 85
+Expect: 100-continue
+
+This is data we upload with PUT
+a second line
+line three
+four is the number of lines
+</protocol>
+</verify>
+</testcase>