diff options
author | Daniel Stenberg <daniel@haxx.se> | 2008-07-26 21:15:47 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2008-07-26 21:15:47 +0000 |
commit | a96784b98ebc60720514a788b87f66cd46abee62 (patch) | |
tree | e1c09bfaa7c2006aaa6124ea37333f07466e3204 | |
parent | e06944438a798812caca36de6a95e74cea66c70e (diff) |
- David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer
overrun" (http://curl.haxx.se/bug/view.cgi?id=2026240) identifying two
problems, and providing the fix for them:
- CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is
designed for but paused _receiving_ of data!
- libcurl didn't internally set the read counter to zero when this return
code was detected, which would potentially lead to junk getting sent to
the server.
-rw-r--r-- | CHANGES | 12 | ||||
-rw-r--r-- | RELEASE-NOTES | 3 | ||||
-rw-r--r-- | lib/transfer.c | 11 |
3 files changed, 22 insertions, 4 deletions
@@ -6,6 +6,18 @@ Changelog +Daniel Stenberg (26 Jul 2008) +- David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer + overrun" (http://curl.haxx.se/bug/view.cgi?id=2026240) identifying two + problems, and providing the fix for them: + + - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is + designed for but paused _receiving_ of data! + + - libcurl didn't internally set the read counter to zero when this return + code was detected, which would potentially lead to junk getting sent to + the server. + Daniel Fandrich (26 Jul 2008) - Added test 1044 to test large file support in ftp with -I. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 25e90ba3c..5a8ad9d40 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -34,6 +34,7 @@ This release includes the following bugfixes: o c-ares powered libcurls can resolve/use IPv6 addresses o poll not working on Windows Vista due to POLLPRI being incorrectly used o user-agent in CONNECT with non-HTTP protocols + o CURL_READFUNC_PAUSE problems fixed This release includes the following known bugs: @@ -54,7 +55,7 @@ advice from friends like these: Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jurgen May, Phil Pellouchoud, Eduard Bloch, John Lightsey, Stephen Collyer, Tor Arntsen, Rolland Dudemaine, Phil Blundell, Scott Barrett, Andreas Schuldei, - Peter Lamberg + Peter Lamberg, David Bau Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/transfer.c b/lib/transfer.c index 91e3f5908..4201ad18a 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -132,16 +132,21 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp) if(nread == CURL_READFUNC_ABORT) { failf(data, "operation aborted by callback"); + *nreadp = 0; return CURLE_ABORTED_BY_CALLBACK; } else if(nread == CURL_READFUNC_PAUSE) { struct SingleRequest *k = &data->req; - k->keepon |= KEEP_READ_PAUSE; /* mark reading as paused */ + /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */ + k->keepon |= KEEP_WRITE_PAUSE; /* mark socket send as paused */ + *nreadp = 0; return CURLE_OK; /* nothing was read */ } - else if((size_t)nread > buffersize) + else if((size_t)nread > buffersize) { /* the read function returned a too large value */ + *nreadp = 0; return CURLE_READ_ERROR; + } if(!data->req.forbidchunk && data->req.upload_chunky) { /* if chunked Transfer-Encoding */ @@ -1464,7 +1469,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, else nread = 0; /* we're done uploading/reading */ - if(!nread && (k->keepon & KEEP_READ_PAUSE)) { + if(!nread && (k->keepon & KEEP_WRITE_PAUSE)) { /* this is a paused transfer */ break; } |