From cde5e35d9b046b224c64936c432d67c9de8bcc9e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 25 Oct 2006 20:40:14 +0000 Subject: Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the case when 401 or 407 are returned, *IF* no auth credentials have been given. The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 and 407 cases when auth credentials is given, but we've now covered this somewhat more. You might get some amounts of headers transferred before this situation is detected, like for when a "100-continue" is received as a response to a POST/PUT and a 401 or 407 is received immediately afterwards. Added test 281 to verify this change. --- CHANGES | 13 +++++++++ RELEASE-NOTES | 7 +++-- docs/curl.1 | 4 +++ docs/libcurl/curl_easy_setopt.3 | 8 ++++++ lib/transfer.c | 7 ++--- tests/data/Makefile.am | 2 +- tests/data/test281 | 63 +++++++++++++++++++++++++++++++++++++++++ 7 files changed, 96 insertions(+), 8 deletions(-) create mode 100644 tests/data/test281 diff --git a/CHANGES b/CHANGES index 6199e9c8e..462841d2c 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,19 @@ Changelog +Daniel (25 October 2006) +- Fixed CURLOPT_FAILONERROR to return CURLE_HTTP_RETURNED_ERROR even for the + case when 401 or 407 are returned, *IF* no auth credentials have been given. + The CURLOPT_FAILONERROR option is not possible to make fool-proof for 401 + and 407 cases when auth credentials is given, but we've now covered this + somewhat more. + + You might get some amounts of headers transferred before this situation is + detected, like for when a "100-continue" is received as a response to a + POST/PUT and a 401 or 407 is received immediately afterwards. + + Added test 281 to verify this change. + Daniel (23 October 2006) - Ravi Pratap provided a major update with pipelining fixes. We also no longer re-use connections (for pipelining) before the name resolving is done. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0f879182c..e2b9c1ba5 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -12,9 +12,9 @@ Curl and libcurl 7.16.0 This release includes the following changes: o Added CURLE_SSL_CACERT_BADFILE - o Added CURLMOPT_TIMERFUNCTION - o The CURLOPT_SOURCE_* options are removed and so are the --3p* command line - options + o Added CURLMOPT_TIMERFUNCTION and CURLMOPT_TIMERDATA + o (FTP) the CURLOPT_SOURCE_* options are removed and so are the --3p* command + line options o curl_multi_socket() and family are suitable to start using o uses WSAPoll() on Windows Vista o (FTP) --ftp-ssl-control was added @@ -28,6 +28,7 @@ This release includes the following changes: This release includes the following bugfixes: + o (HTTP) CURLOPT_FAILONERROR (curl -f) covers a few more reponse cases o curl_multi_socket() and the LOW_SPEED options o curl_multi_socket() expire timer during c-ares name resolves o curl_multi_add_handle on an already added handle now fails gracefully diff --git a/docs/curl.1 b/docs/curl.1 index 24471d517..1305901b0 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -359,6 +359,10 @@ normal cases when a HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and more). This flag will prevent curl from outputting that and return error 22. +This method is not fail-safe and there are occasions where non-succesful +response codes will slip through, especially when authentication is involved +(response codes 401 and 407). + If this option is used twice, the second will again disable silent failure. .IP "--ftp-account [data]" (FTP) When an FTP server asks for "account data" after user name and password diff --git a/docs/libcurl/curl_easy_setopt.3 b/docs/libcurl/curl_easy_setopt.3 index 141323cf6..40ec28826 100644 --- a/docs/libcurl/curl_easy_setopt.3 +++ b/docs/libcurl/curl_easy_setopt.3 @@ -344,6 +344,14 @@ when showing the progress meter and displaying \fICURLOPT_VERBOSE\fP data. A non-zero parameter tells the library to fail silently if the HTTP code returned is equal to or larger than 400. The default action would be to return the page normally, ignoring that code. + +This method is not fail-safe and there are occasions where non-succesful +response codes will slip through, especially when authentication is involved +(response codes 401 and 407). + +You might get some amounts of headers transferred before this situation is +detected, like for when a "100-continue" is received as a response to a +POST/PUT and a 401 or 407 is received immediately afterwards. .SH NETWORK OPTIONS .IP CURLOPT_URL The actual URL to deal with. The parameter should be a char * to a zero diff --git a/lib/transfer.c b/lib/transfer.c index 300b8e9f6..28e3fe476 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -675,10 +675,9 @@ CURLcode Curl_readwrite(struct connectdata *conn, * depending on how authentication is working. Other codes * are definitely errors, so give up here. */ - if (data->set.http_fail_on_error && - (k->httpcode >= 400) && - (k->httpcode != 401) && - (k->httpcode != 407)) { + if (data->set.http_fail_on_error && (k->httpcode >= 400) && + ((k->httpcode != 401) || !data->set.userpwd) && + ((k->httpcode != 407) || !data->set.proxyuserpwd) ) { if (data->reqdata.resume_from && (data->set.httpreq==HTTPREQ_GET) && diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index ffb392f01..62edee1b6 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -36,4 +36,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \ test265 test266 test267 test268 test269 test270 test271 test272 test273 \ test274 test275 test524 test525 test276 test277 test526 test527 test528 \ test530 DISABLED test278 test279 test531 test280 test529 test532 test533 \ - test534 test535 + test534 test535 test281 diff --git a/tests/data/test281 b/tests/data/test281 new file mode 100644 index 000000000..ffbebbe66 --- /dev/null +++ b/tests/data/test281 @@ -0,0 +1,63 @@ + + +HTTP +HTTP PUT + + +# Server-side + + +HTTP/1.1 100 Continue + +HTTP/1.1 401 Bad Auth swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +WWW-Authenticate: Basic Realm=authenticate +Server: test-server/fake + + +HTTP/1.1 100 Continue + + + + + +# Client-side + + +http + + +HTTP PUT from file with 100 + 401 responses and -f without auth given + + +http://%HOSTIP:%HTTPPORT/we/want/281 -f -T log/test281.txt + + +Weird + file + to + upload + + + +# Verify data after the test has been "shot" + + +22 + + +^User-Agent:.* + + +PUT /we/want/281 HTTP/1.1 +Host: 127.0.0.1:%HTTPPORT +Accept: */* +Content-Length: 38 +Expect: 100-continue + +Weird + file + to + upload + + -- cgit v1.2.3