author Daniel Stenberg <daniel@haxx.se> 2008-07-26 21:15:47 +0000
committer Daniel Stenberg <daniel@haxx.se> 2008-07-26 21:15:47 +0000
commit a96784b98ebc60720514a788b87f66cd46abee62
tree e1c09bfaa7c2006aaa6124ea37333f07466e3204
parent e06944438a798812caca36de6a95e74cea66c70e

- David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer
  overrun" (http://curl.haxx.se/bug/view.cgi?id=2026240) identifying two
  problems, and providing the fix for them:

  - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is
    designed for but paused _receiving_ of data!

  - libcurl didn't internally set the read counter to zero when this return
    code was detected, which would potentially lead to junk getting sent to
    the server.

-rw-r--r-- CHANGES 12
-rw-r--r-- RELEASE-NOTES 3
-rw-r--r-- lib/transfer.c 11
3 files changed, 22 insertions, 4 deletions
diff --git a/CHANGES b/CHANGES
index c4e107f24..284aa0f44 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,18 @@
Changelog
+Daniel Stenberg (26 Jul 2008)
+- David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer
+ overrun" (http://curl.haxx.se/bug/view.cgi?id=2026240) identifying two
+ problems, and providing the fix for them:
+
+ - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is
+ designed for but paused _receiving_ of data!
+
+ - libcurl didn't internally set the read counter to zero when this return
+ code was detected, which would potentially lead to junk getting sent to
+ the server.
+
Daniel Fandrich (26 Jul 2008)
- Added test 1044 to test large file support in ftp with -I.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 25e90ba3c..5a8ad9d40 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -34,6 +34,7 @@ This release includes the following bugfixes:
o c-ares powered libcurls can resolve/use IPv6 addresses
o poll not working on Windows Vista due to POLLPRI being incorrectly used
o user-agent in CONNECT with non-HTTP protocols
+ o CURL_READFUNC_PAUSE problems fixed
This release includes the following known bugs:
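Review bot: the added bugfix line "CURL_READFUNC_PAUSE problems fixed" does not tell a reader what was wrong, while the CHANGES entry in the same commit describes a pause applied to the wrong direction and junk potentially being sent to the server. Since applications that return CURL_READFUNC_PAUSE from a read callback need to know whether they were affected, consider wording the entry after the two effects, for example "CURL_READFUNC_PAUSE paused receiving instead of sending and could send junk data".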
@@ -54,7 +55,7 @@ advice from friends like these:
Rob Crittenden, Dengminwen, Christopher Palow, Hans-Jurgen May,
Phil Pellouchoud, Eduard Bloch, John Lightsey, Stephen Collyer, Tor Arntsen,
Rolland Dudemaine, Phil Blundell, Scott Barrett, Andreas Schuldei,
- Peter Lamberg
+ Peter Lamberg, David Bau
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/transfer.c b/lib/transfer.c
index 91e3f5908..4201ad18a 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -132,16 +132,21 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
if(nread == CURL_READFUNC_ABORT) {
failf(data, "operation aborted by callback");
+ *nreadp = 0;
return CURLE_ABORTED_BY_CALLBACK;
}
else if(nread == CURL_READFUNC_PAUSE) {
struct SingleRequest *k = &data->req;
- k->keepon |= KEEP_READ_PAUSE; /* mark reading as paused */
+ /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */
+ k->keepon |= KEEP_WRITE_PAUSE; /* mark socket send as paused */
+ *nreadp = 0;
return CURLE_OK; /* nothing was read */
}
- else if((size_t)nread > buffersize)
+ else if((size_t)nread > buffersize) {
/* the read function returned a too large value */
+ *nreadp = 0;
return CURLE_READ_ERROR;
+ }
if(!data->req.forbidchunk && data->req.upload_chunky) {
/* if chunked Transfer-Encoding */
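Review bot: `*nreadp = 0;` is now repeated in all three early-return branches (CURL_READFUNC_ABORT, CURL_READFUNC_PAUSE and the `(size_t)nread > buffersize` case), which leaves the guarantee dependent on every future early return remembering to do the same. Setting `*nreadp = 0;` once at the top of Curl_fillreadbuffer, before the read callback is invoked, would make "no bytes reported unless the callback produced valid data" hold by construction. The pause branch also returns CURLE_OK with a zero count, so the caller can only tell it apart from end of data through KEEP_WRITE_PAUSE; a short comment on that branch stating this contract would help, since a stale count here is what the bug report describes as junk being sent.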
@@ -1464,7 +1469,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
else
nread = 0; /* we're done uploading/reading */
- if(!nread && (k->keepon & KEEP_READ_PAUSE)) {
+ if(!nread && (k->keepon & KEEP_WRITE_PAUSE)) {
/* this is a paused transfer */
break;
}
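Review bot: the check at `if(!nread && (k->keepon & KEEP_WRITE_PAUSE))` now tests the bit that the Curl_fillreadbuffer hunk sets, but the patch touches only CHANGES, RELEASE-NOTES and lib/transfer.c and adds no test case. A regression test with a read callback that returns CURL_READFUNC_PAUSE, asserting that nothing is sent while paused and that receiving continues, would guard both halves of this fix. It is also worth confirming that the unpause path, which is not part of this diff, clears KEEP_WRITE_PAUSE rather than KEEP_READ_PAUSE for a paused send, otherwise this `break` would be taken on every pass.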