Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't

send the whole request at once, even though the Expect: header was disabled by the application. An effect of this change is also that small (< 1024 bytes) POSTs are now always sent without Expect: header since we deem it more costly to bother about that than the risk that we send the data in vain.
author: Daniel Stenberg <daniel@haxx.se> 2006-08-18 22:54:57 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2006-08-18 22:54:57 +0000
commit: 490cccba3cfd5ba54ecb64a10fb63c2f0e94a67d (patch)
tree: eb23253d22757afac1453bb875043db4ffa65f6e /lib/http.c
parent: 839441e236764996425fe768e9497b1f914cea3e (diff)
1 files changed, 17 insertions, 17 deletions
diff --git a/lib/http.c b/lib/http.c
index 310c0a617..4df91be0a 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2249,16 +2249,24 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
 
       if(data->set.postfields) {
 
-        if((data->state.authhost.done || data->state.authproxy.done )
-           && (postsize < MAX_INITIAL_POST_SIZE)) {
-          /* If we're not done with the authentication phase, we don't expect
-             to actually send off any data yet. Hence, we delay the sending of
-             the body until we receive that friendly 100-continue response */
+        /* for really small posts we don't use Expect: headers at all, and for
+           the somewhat bigger ones we allow the app to disable it */
+        if(postsize > TINY_INITIAL_POST_SIZE) {
+          result = expect100(data, req_buffer);
+          if(result)
+            return result;
+        }
+        else
+          data->state.expect100header = FALSE;
+
+        if(!data->state.expect100header &&
+           (postsize < MAX_INITIAL_POST_SIZE))  {
+          /* if we don't use expect:-100  AND
+             postsize is less than MAX_INITIAL_POST_SIZE
 
-          /* The post data is less than MAX_INITIAL_PORT_SIZE, then append it
-             to the header. This limit is no magic limit but only set to
-             prevent really huge POSTs to get the data duplicated with
-             malloc() and family. */
+             then append the post data to the HTTP request header. This limit
+             is no magic limit but only set to prevent really huge POSTs to
+             get the data duplicated with malloc() and family. */
 
           result = add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
           if(result)
@@ -2297,18 +2305,10 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
           /* set the upload size to the progress meter */
           Curl_pgrsSetUploadSize(data, http->postsize);
 
-          result = expect100(data, req_buffer);
-          if(result)
-            return result;
-
           add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
         }
       }
       else {
-        result = expect100(data, req_buffer);
-        if(result)
-          return result;
-
         add_buffer(req_buffer, "\r\n", 2); /* end of headers! */
 
         if(data->set.postfieldsize) {
author	Daniel Stenberg <daniel@haxx.se>	2006-08-18 22:54:57 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2006-08-18 22:54:57 +0000
commit	490cccba3cfd5ba54ecb64a10fb63c2f0e94a67d (patch)
tree	eb23253d22757afac1453bb875043db4ffa65f6e /lib/http.c
parent	839441e236764996425fe768e9497b1f914cea3e (diff)