author | Daniel Stenberg <daniel@haxx.se> | 2006-08-18 22:54:57 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2006-08-18 22:54:57 +0000 |
commit | 490cccba3cfd5ba54ecb64a10fb63c2f0e94a67d (patch) | |
tree | eb23253d22757afac1453bb875043db4ffa65f6e /lib | |
parent | 839441e236764996425fe768e9497b1f914cea3e (diff) |
Andrew Biggs pointed out a "Expect: 100-continue" flaw where libcurl didn't
send the whole request at once, even though the Expect: header was disabled
by the application. An effect of this change is also that small (< 1024
bytes) POSTs are now always sent without Expect: header since we deem it
more costly to bother about that than the risk that we send the data in
vain.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/http.c | 34 | ||||
-rw-r--r-- | lib/http.h | 6 |
2 files changed, 22 insertions, 18 deletions
diff --git a/lib/http.c b/lib/http.c index 310c0a617..4df91be0a 100644 --- a/lib/http.c +++ b/lib/http.c @@ -2249,16 +2249,24 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) if(data->set.postfields) { - if((data->state.authhost.done || data->state.authproxy.done ) - && (postsize < MAX_INITIAL_POST_SIZE)) { - /* If we're not done with the authentication phase, we don't expect - to actually send off any data yet. Hence, we delay the sending of - the body until we receive that friendly 100-continue response */ + /* for really small posts we don't use Expect: headers at all, and for + the somewhat bigger ones we allow the app to disable it */ + if(postsize > TINY_INITIAL_POST_SIZE) { + result = expect100(data, req_buffer); + if(result) + return result; + } + else + data->state.expect100header = FALSE; + + if(!data->state.expect100header && + (postsize < MAX_INITIAL_POST_SIZE)) { + /* if we don't use expect:-100 AND + postsize is less than MAX_INITIAL_POST_SIZE - /* The post data is less than MAX_INITIAL_PORT_SIZE, then append it - to the header. This limit is no magic limit but only set to - prevent really huge POSTs to get the data duplicated with - malloc() and family. */ + then append the post data to the HTTP request header. This limit + is no magic limit but only set to prevent really huge POSTs to + get the data duplicated with malloc() and family. */ result = add_buffer(req_buffer, "\r\n", 2); /* end of headers! */ if(result) @@ -2297,18 +2305,10 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) /* set the upload size to the progress meter */ Curl_pgrsSetUploadSize(data, http->postsize); - result = expect100(data, req_buffer); - if(result) - return result; - add_buffer(req_buffer, "\r\n", 2); /* end of headers! */ } } else { - result = expect100(data, req_buffer); - if(result) - return result; - add_buffer(req_buffer, "\r\n", 2); /* end of headers! */ if(data->set.postfieldsize) { 
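Review bot: The added `expect100()` call sits inside `if(data->set.postfields) {`, while the second hunk in this file (@@ -2297) deletes the call from what appears to be the matching `else {` branch without replacing it. If that reading is right, POSTs that do not use `postfields` no longer get an Expect: 100-continue header at all, and nothing in this diff assigns `data->state.expect100header` on that path; the commit message does not describe either effect. Moving the added `if(postsize > TINY_INITIAL_POST_SIZE) … else data->state.expect100header = FALSE;` block to just above `if(data->set.postfields) {` would cover both branches, provided `postsize` is meaningful there. Curl_http starts and ends outside both hunks, so the brace pairing and the value of `postsize` on the other branch need checking against the full function.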
diff --git a/lib/http.h b/lib/http.h index e84e28b07..1c8ee7e39 100644 --- a/lib/http.h +++ b/lib/http.h @@ -74,7 +74,11 @@ int Curl_http_should_fail(struct connectdata *conn); It must not be greater than 64K to work on VMS. */ #ifndef MAX_INITIAL_POST_SIZE -#define MAX_INITIAL_POST_SIZE 1024 +#define MAX_INITIAL_POST_SIZE (64*1024) +#endif + +#ifndef TINY_INITIAL_POST_SIZE +#define TINY_INITIAL_POST_SIZE 1024 #endif #endif |
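Review bot: `TINY_INITIAL_POST_SIZE` is introduced without a comment, although `MAX_INITIAL_POST_SIZE` directly above has one. lib/http.c tests `postsize > TINY_INITIAL_POST_SIZE`, so a POST of exactly 1024 bytes also goes out without Expect:, which differs slightly from the "< 1024 bytes" in the commit message. A comment such as `/* POSTs of this size or smaller are sent without an Expect: 100-continue header */` above the new `#ifndef` would pin that down. The existing comment's "must not be greater than 64K to work on VMS" now describes a default that sits exactly at that limit; that comment starts outside the hunk.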