http: fix missing 'Content-Length: 0' while negotiating auth (13e3a18b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/http.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -2512,7 +2512,7 @@ CURLcode Curl_http(struct connectdata conn, bool done)
		postsize = data->state.infilesize;

		if((postsize != -1) && !data->req.upload_chunky &&
		!Curl_checkheaders(conn, "Content-Length:")) {
		(conn->bits.authneg \|\| !Curl_checkheaders(conn, "Content-Length:"))) {
		/* only add Content-Length if not uploading chunked */
		result = Curl_add_bufferf(req_buffer,
		"Content-Length: %" CURL_FORMAT_CURL_OFF_T
		@@ -2564,7 +2564,7 @@ CURLcode Curl_http(struct connectdata conn, bool done)
		we don't upload data chunked, as RFC2616 forbids us to set both
		kinds of headers (Transfer-Encoding: chunked and Content-Length) */
		if((postsize != -1) && !data->req.upload_chunky &&
		!Curl_checkheaders(conn, "Content-Length:")) {
		(conn->bits.authneg \|\| !Curl_checkheaders(conn, "Content-Length:"))) {
		/* we allow replacing this header if not during auth negotiation,
		although it isn't very wise to actually set your own */
		result = Curl_add_bufferf(req_buffer,

tests/data/Makefile.inc

+1 −1

Original line number	Diff line number	Diff line
		@@ -130,7 +130,7 @@ test1236 test1237 test1238 test1239 test1240 test1241 test1242 test1243 \
		test1244 test1245 test1246 test1247 test1248 test1249 test1250 test1251 \
		test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
		\
		test1280 test1281 test1282 test1283 \
		test1280 test1281 test1282 test1283 test1284 test1285 \
		\
		test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 \
		test1308 test1309 test1310 test1311 test1312 test1313 test1314 test1315 \

tests/data/test1284

0 → 100644

+89 −0

Original line number	Diff line number	Diff line
		<testcase>
		<info>
		<keywords>
		HTTP
		HTTP POST
		HTTP Digest auth
		</keywords>
		</info>

		# Server-side
		<reply>
		<data>
		HTTP/1.1 401 authentication please swsbounce
		Server: Microsoft-IIS/6.0
		WWW-Authenticate: Digest realm="testrealm", nonce="1053604144"
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 0

		</data>
		<data1000>
		HTTP/1.1 200 A OK
		Server: Microsoft-IIS/6.0
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 3

		ok
		</data1000>

		<datacheck>
		HTTP/1.1 401 authentication please swsbounce
		Server: Microsoft-IIS/6.0
		WWW-Authenticate: Digest realm="testrealm", nonce="1053604144"
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 0

		HTTP/1.1 200 A OK
		Server: Microsoft-IIS/6.0
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 3

		ok
		</datacheck>

		</reply>

		# Client-side
		<client>
		#
		<server>
		http
		</server>
		<features>
		!SSPI
		crypto
		</features>
		<name>
		HTTP POST --digest with user-specified Content-Length header
		</name>
		# This test is to ensure 'Content-Length: 0' is sent while negotiating auth
		# even when there is a user-specified Content-Length header.
		# https://github.com/curl/curl/pull/1242
		<command>
		-H "Content-Length: 11" -u auser:apasswd --digest -d "junkelijunk" http://%HOSTIP:%HTTPPORT/1284
		</command>
		</client>

		# Verify data after the test has been "shot"
		<verify>
		<strip>
		^User-Agent:.*
		</strip>
		<protocol nonewline="yes">
		POST /1284 HTTP/1.1
		Host: %HOSTIP:%HTTPPORT
		Accept: /
		Content-Length: 0
		Content-Type: application/x-www-form-urlencoded

		POST /1284 HTTP/1.1
		Host: %HOSTIP:%HTTPPORT
		Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/1284", response="5763079608de439072861a59ac733515"
		Accept: /
		Content-Length: 11
		Content-Type: application/x-www-form-urlencoded

		junkelijunk
		</protocol>
		</verify>
		</testcase>

tests/data/test1285

0 → 100644

+97 −0

Original line number	Diff line number	Diff line
		<testcase>
		<info>
		<keywords>
		HTTP
		HTTP PUT
		HTTP Digest auth
		</keywords>
		</info>

		# Server-side
		<reply>
		<data>
		HTTP/1.1 401 authentication please swsbounce
		Server: Microsoft-IIS/6.0
		WWW-Authenticate: Digest realm="testrealm", nonce="1053604144"
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 0

		</data>
		<data1000>
		HTTP/1.1 200 A OK
		Server: Microsoft-IIS/6.0
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 3

		ok
		</data1000>

		<datacheck>
		HTTP/1.1 401 authentication please swsbounce
		Server: Microsoft-IIS/6.0
		WWW-Authenticate: Digest realm="testrealm", nonce="1053604144"
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 0

		HTTP/1.1 200 A OK
		Server: Microsoft-IIS/6.0
		Content-Type: text/html; charset=iso-8859-1
		Content-Length: 3

		ok
		</datacheck>

		</reply>

		# Client-side
		<client>
		#
		<server>
		http
		</server>
		<features>
		!SSPI
		crypto
		</features>
		<name>
		HTTP PUT --digest with user-specified Content-Length header
		</name>
		# This test is to ensure 'Content-Length: 0' is sent while negotiating auth
		# even when there is a user-specified Content-Length header.
		# https://github.com/curl/curl/pull/1242
		<command>
		-H "Content-Length: 85" -u auser:apasswd --digest -T log/put1285 http://%HOSTIP:%HTTPPORT/1285
		</command>
		<file name="log/put1285">
		This is data we upload with PUT
		a second line
		line three
		four is the number of lines
		</file>
		</client>

		# Verify data after the test has been "shot"
		<verify>
		<strip>
		^User-Agent:.*
		</strip>
		<protocol>
		PUT /1285 HTTP/1.1
		Host: %HOSTIP:%HTTPPORT
		Accept: /
		Content-Length: 0

		PUT /1285 HTTP/1.1
		Host: %HOSTIP:%HTTPPORT
		Authorization: Digest username="auser", realm="testrealm", nonce="1053604144", uri="/1285", response="dc185587d5e8391b347eef194c2a3cd6"
		Accept: /
		Content-Length: 85
		Expect: 100-continue

		This is data we upload with PUT
		a second line
		line three
		four is the number of lines
		</protocol>
		</verify>
		</testcase>

Admin message