author | Daniel Stenberg <daniel@haxx.se> | 2006-08-18 22:54:57 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2006-08-18 22:54:57 +0000 |
commit | 490cccba3cfd5ba54ecb64a10fb63c2f0e94a67d (patch) | |
tree | eb23253d22757afac1453bb875043db4ffa65f6e | |
parent | 839441e236764996425fe768e9497b1f914cea3e (diff) |
Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
send the whole request at once, even though the Expect: header was disabled
by the application. An effect of this change is also that small (< 1024
bytes) POSTs are now always sent without Expect: header since we deem it
more costly to bother about that than the risk that we send the data in
vain.
-rw-r--r-- | CHANGES | 10 | ||||
-rw-r--r-- | RELEASE-NOTES | 2 | ||||
-rw-r--r-- | lib/http.c | 34 | ||||
-rw-r--r-- | lib/http.h | 6 | ||||
-rw-r--r-- | tests/data/test508 | 1 | ||||
-rw-r--r-- | tests/data/test510 | 1 | ||||
-rw-r--r-- | tests/data/test513 | 1 | ||||
-rw-r--r-- | tests/data/test515 | 1 |
8 files changed, 32 insertions, 24 deletions
@@ -6,6 +6,14 @@ Changelog +Daniel (19 August 2006) +- Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't + send the whole request at once, even though the Expect: header was disabled + by the application. An effect of this change is also that small (< 1024 + bytes) POSTs are now always sent without Expect: header since we deem it + more costly to bother about that than the risk that we send the data in + vain. + Daniel (9 August 2006) - Armel Asselin made the CURLOPT_PREQUOTE option work fine even when CURLOPT_NOBODY is set true. PREQUOTE is then run roughly at the same place @@ -13,7 +21,7 @@ Daniel (9 August 2006) transfer. Daniel (8 August 2006) -- - Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs +- Fixed a flaw in the "Expect: 100-continue" treatment. If you did two POSTs on a persistent connection and allowed the first to use that header, you could not disable it for the second request. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index cab94828a..1f90ffe89 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -29,6 +29,6 @@ New curl mirrors: This release would not have looked like this without help, code, reports and advice from friends like these: - Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse + Domenico Andreoli, Armel Asselin, Gisle Vanem, Yang Tse, Andrew Biggs Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/http.c b/lib/http.c index 310c0a617..4df91be0a 100644 --- a/lib/http.c +++ b/lib/http.c 
@@ -2249,16 +2249,24 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) if(data->set.postfields) { - if((data->state.authhost.done || data->state.authproxy.done ) - && (postsize < MAX_INITIAL_POST_SIZE)) { - /* If we're not done with the authentication phase, we don't expect - to actually send off any data yet. Hence, we delay the sending of - the body until we receive that friendly 100-continue response */ + /* for really small posts we don't use Expect: headers at all, and for + the somewhat bigger ones we allow the app to disable it */ + if(postsize > TINY_INITIAL_POST_SIZE) { + result = expect100(data, req_buffer); + if(result) + return result; + } + else + data->state.expect100header = FALSE; + + if(!data->state.expect100header && + (postsize < MAX_INITIAL_POST_SIZE)) { + /* if we don't use expect:-100 AND + postsize is less than MAX_INITIAL_POST_SIZE - /* The post data is less than MAX_INITIAL_PORT_SIZE, then append it - to the header. This limit is no magic limit but only set to - prevent really huge POSTs to get the data duplicated with - malloc() and family. */ + then append the post data to the HTTP request header. This limit + is no magic limit but only set to prevent really huge POSTs to + get the data duplicated with malloc() and family. */ result = add_buffer(req_buffer, "\r\n", 2); /* end of headers! */ if(result) @@ -2297,18 +2305,10 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) /* set the upload size to the progress meter */ Curl_pgrsSetUploadSize(data, http->postsize); - result = expect100(data, req_buffer); - if(result) - return result; - add_buffer(req_buffer, "\r\n", 2); /* end of headers! */ } } else { - result = expect100(data, req_buffer); - if(result) - return result; - add_buffer(req_buffer, "\r\n", 2); /* end of headers! */ if(data->set.postfieldsize) { diff --git a/lib/http.h b/lib/http.h index e84e28b07..1c8ee7e39 100644 --- a/lib/http.h +++ b/lib/http.h 
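Review bot: With the `expect100()` calls removed in the second lib/http.c hunk, the header is only considered inside `if(data->set.postfields)`, so the read-callback POST path (the outer `else`) never sends `Expect: 100-continue` whatever the body size, and nothing visible assigns `data->state.expect100header` on that path. The commit message only describes POSTs under 1024 bytes; hoisting the `if(postsize > TINY_INITIAL_POST_SIZE) … else data->state.expect100header = FALSE;` block above `if(data->set.postfields)` would apply one decision to both paths and always reset the flag. The new inline condition also drops the old `authhost.done || authproxy.done` test, so a body below MAX_INITIAL_POST_SIZE now appears to go out with the first request even while a 401/407 round trip is still pending. If that is intended, the comment should say so, e.g. `/* note: the body is sent even if authentication has not completed yet */`. Curl_http starts and ends outside these hunks, so any adjustment of postsize during negotiation elsewhere is not visible here.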
@@ -74,7 +74,11 @@ int Curl_http_should_fail(struct connectdata *conn); It must not be greater than 64K to work on VMS. */ #ifndef MAX_INITIAL_POST_SIZE -#define MAX_INITIAL_POST_SIZE 1024 +#define MAX_INITIAL_POST_SIZE (64*1024) +#endif + +#ifndef TINY_INITIAL_POST_SIZE +#define TINY_INITIAL_POST_SIZE 1024 #endif #endif diff --git a/tests/data/test508 b/tests/data/test508 index 3d3c6c9e0..9ebbaa92a 100644 --- a/tests/data/test508 +++ b/tests/data/test508 @@ -39,7 +39,6 @@ Host: 127.0.0.1:%HTTPPORT Accept: */*
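Review bot: In the lib/http.h hunk, the new `TINY_INITIAL_POST_SIZE` is defined without a comment, and `MAX_INITIAL_POST_SIZE` changes meaning with no update to the comment above it. Going by the lib/http.c hunk, the first is now the size up to which no `Expect:` header is sent, and the second caps how much POST data is copied into the request buffer when the header is not used. I would add `/* POSTs of at most TINY_INITIAL_POST_SIZE bytes are sent without an Expect: 100-continue header */` above the new macro and reword the existing comment to describe the inline-copy limit. The new value `(64*1024)` sits exactly at the VMS limit named in the visible tail of that comment, and since both macros are overridable through `#ifndef`, it is worth stating that a larger override breaks that constraint.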
Content-Length: 45
Content-Type: application/x-www-form-urlencoded
-Expect: 100-continue
this is what we post to the silly web server </protocol> diff --git a/tests/data/test510 b/tests/data/test510 index 79c2d11a6..1c883f18d 100644 --- a/tests/data/test510 +++ b/tests/data/test510 @@ -39,7 +39,6 @@ Host: 127.0.0.1:%HTTPPORT Accept: */*
Transfer-Encoding: chunked
Content-Type: application/x-www-form-urlencoded
-Expect: 100-continue
3
one
diff --git a/tests/data/test513 b/tests/data/test513 index 920cbcc17..44063bc18 100644 --- a/tests/data/test513 +++ b/tests/data/test513 @@ -30,7 +30,6 @@ Host: 127.0.0.1:%HTTPPORT Accept: */*
Content-Length: 1
Content-Type: application/x-www-form-urlencoded
-Expect: 100-continue
</protocol> # 42 - aborted by callback diff --git a/tests/data/test515 b/tests/data/test515 index f6be8c42c..566da84f4 100644 --- a/tests/data/test515 +++ b/tests/data/test515 @@ -40,7 +40,6 @@ Host: 127.0.0.1:%HTTPPORT Accept: */*
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
-Expect: 100-continue
</protocol> </verify> |