- David Bau filed bug report #2026240 "CURL_READFUNC_PAUSE leads to buffer

overrun" (http://curl.haxx.se/bug/view.cgi?id=2026240) identifying two problems, and providing the fix for them: - CURL_READFUNC_PAUSE did in fact not pause the _sending_ of data that it is designed for but paused _receiving_ of data! - libcurl didn't internally set the read counter to zero when this return code was detected, which would potentially lead to junk getting sent to the server.
2008-07-26 21:15:47 +00:00
parent e06944438a
commit a96784b98e
3 changed files with 22 additions and 4 deletions
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -132,16 +132,21 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)

  if(nread == CURL_READFUNC_ABORT) {
    failf(data, "operation aborted by callback");
+    *nreadp = 0;
    return CURLE_ABORTED_BY_CALLBACK;
  }
  else if(nread == CURL_READFUNC_PAUSE) {
    struct SingleRequest *k = &data->req;
-    k->keepon |= KEEP_READ_PAUSE; /* mark reading as paused */
+    /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */
+    k->keepon |= KEEP_WRITE_PAUSE; /* mark socket send as paused */
+    *nreadp = 0;
    return CURLE_OK; /* nothing was read */
  }
-  else if((size_t)nread > buffersize)
+  else if((size_t)nread > buffersize) {
    /* the read function returned a too large value */
+    *nreadp = 0;
    return CURLE_READ_ERROR;
+  }

  if(!data->req.forbidchunk && data->req.upload_chunky) {
    /* if chunked Transfer-Encoding */
@@ -1464,7 +1469,7 @@ CURLcode Curl_readwrite(struct connectdata *conn,
        else
          nread = 0; /* we're done uploading/reading */

-        if(!nread && (k->keepon & KEEP_READ_PAUSE)) {
+        if(!nread && (k->keepon & KEEP_WRITE_PAUSE)) {
          /* this is a paused transfer */
          break;
        }