From 0cab3a394a190c1cdf900cf2887ccdd6a7f213ef Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 25 Apr 2017 01:03:17 +0200
Subject: http-proxy: use a dedicated CONNECT response buffer

To make it suitably independent of the receive buffer and its flexible
size.
---
 lib/http_proxy.c | 55 ++++++++++++++++++++++++++++++++++++++++---------------
 lib/url.c        |  1 +
 lib/urldata.h    |  1 +
 3 files changed, 42 insertions(+), 15 deletions(-)

diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 3c6a835f6..9894e2e5f 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -135,16 +135,12 @@ CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
   return CURLE_OK;
 }
 
-/*
- * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
- * function will issue the necessary commands to get a seamless tunnel through
- * this proxy. After that, the socket can be used just as a normal socket.
- */
+#define CONNECT_BUFFER_SIZE 16384
 
-CURLcode Curl_proxyCONNECT(struct connectdata *conn,
-                           int sockindex,
-                           const char *hostname,
-                           int remote_port)
+static CURLcode CONNECT(struct connectdata *conn,
+                        int sockindex,
+                        const char *hostname,
+                        int remote_port)
 {
   int subversion=0;
   struct Curl_easy *data=conn->data;
@@ -299,17 +295,17 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
       char *ptr;
       char *line_start;
 
-      ptr = data->state.buffer;
+      ptr = conn->connect_buffer;
       line_start = ptr;
 
       nread = 0;
       perline = 0;
 
-      while(nread < BUFSIZE && keepon && !error) {
+      while(nread < (size_t)CONNECT_BUFFER_SIZE && keepon && !error) {
         if(Curl_pgrsUpdate(conn))
           return CURLE_ABORTED_BY_CALLBACK;
 
-        if(ptr >= &data->state.buffer[BUFSIZE]) {
+        if(ptr >= &conn->connect_buffer[CONNECT_BUFFER_SIZE]) {
           failf(data, "CONNECT response too large!");
           return CURLE_RECV_ERROR;
         }
@@ -358,7 +354,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
           /* This means we are currently ignoring a response-body */
 
           nread = 0; /* make next read start over in the read buffer */
-          ptr = data->state.buffer;
+          ptr = conn->connect_buffer;
           if(cl) {
             /* A Content-Length based body: simply count down the counter
                and make sure to break out of the loop when we're done! */
@@ -430,7 +426,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
           /* end of response-headers from the proxy */
           nread = 0; /* make next read start over in the read
                         buffer */
-          ptr = data->state.buffer;
+          ptr = conn->connect_buffer;
           if((407 == k->httpcode) && !data->state.authproblem) {
             /* If we get a 407 response code with content length
                when we have no auth problem, we must ignore the
@@ -543,7 +539,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
         }
 
         perline = 0; /* line starts over here */
-        ptr = data->state.buffer;
+        ptr = conn->connect_buffer;
         line_start = ptr;
       } /* while there's buffer left and loop is requested */
 
@@ -628,4 +624,33 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
                                          document request  */
   return CURLE_OK;
 }
+
+/*
+ * Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
+ * function will issue the necessary commands to get a seamless tunnel through
+ * this proxy. After that, the socket can be used just as a normal socket.
+ */
+
+CURLcode Curl_proxyCONNECT(struct connectdata *conn,
+                           int sockindex,
+                           const char *hostname,
+                           int remote_port)
+{
+  CURLcode result;
+  if(TUNNEL_INIT == conn->tunnel_state[sockindex]) {
+    if(!conn->connect_buffer) {
+      conn->connect_buffer = malloc(CONNECT_BUFFER_SIZE);
+      if(!conn->connect_buffer)
+        return CURLE_OUT_OF_MEMORY;
+    }
+  }
+  result = CONNECT(conn, sockindex, hostname, remote_port);
+
+  if(result || (TUNNEL_COMPLETE == conn->tunnel_state[sockindex]))
+    Curl_safefree(conn->connect_buffer);
+
+  return result;
+}
+
+
 #endif /* CURL_DISABLE_PROXY */
diff --git a/lib/url.c b/lib/url.c
index 965b5b57b..e28acf5f9 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2997,6 +2997,7 @@ static void conn_free(struct connectdata *conn)
   Curl_safefree(conn->http_proxy.host.rawalloc); /* http proxy name buffer */
   Curl_safefree(conn->socks_proxy.host.rawalloc); /* socks proxy name buffer */
   Curl_safefree(conn->master_buffer);
+  Curl_safefree(conn->connect_buffer);
 
   conn_reset_all_postponed_data(conn);
 
diff --git a/lib/urldata.h b/lib/urldata.h
index 0cedfa817..6e87684bf 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1144,6 +1144,7 @@ struct connectdata {
   struct connectbundle *bundle; /* The bundle we are member of */
 
   int negnpn; /* APLN or NPN TLS negotiated protocol, CURL_HTTP_VERSION* */
+  char *connect_buffer; /* for CONNECT business */
 
 #ifdef USE_UNIX_SOCKETS
   char *unix_domain_socket;
-- 
cgit v1.2.3