From 4fef0d4f14dc3765e88a17fae3c4cd90fff89c33 Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Wed, 29 Oct 2008 19:06:48 +0000
Subject: [PATCH] Fixed a bug that caused a few bytes of garbage to be sent
 after a curl_easy_pause() during a chunky upload. Reported by Steve
 Roskowski.

---
 CHANGES        | 4 ++++
 RELEASE-NOTES  | 3 ++-
 lib/transfer.c | 8 ++++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index fdccc1ddf8..ad335f725b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Daniel Fandrich (29 Oct 2008)
+- Fixed a bug that caused a few bytes of garbage to be sent after a
+  curl_easy_pause() during a chunky upload. Reported by Steve Roskowski.
+
 Daniel Fandrich (28 Oct 2008)
 - Changed the "resolve" test precheck program to verify that an IPv6 socket
   can be created before resolving the IPv6 name.  In the context of running
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 2f2576ea4d..3e418f20dc 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -40,6 +40,7 @@ This release includes the following bugfixes:
  o CURLINFO_REDIRECT_URL memory leak and wrong-doing
  o case insensitive string matching works in Turkish too
  o Solaris builds get _REENTRANT defined properly and work again
+ o Garbage sent on chunky upload after curl_easy_pause()
 
 This release includes the following known bugs:
 
@@ -56,6 +57,6 @@ advice from friends like these:
  Linus Nielsen Feltzing, Martin Drasar, Stefan Krause, Dmitry Kurochkin,
  Mike Revi, Andres Garcia, Michael Goffioul, Markus Moeller, Rob Crittenden,
  Jamie Lokier, Emanuele Bovisio, Maxim Ivanov, Ian Lynagh, Daniel Egger,
- Igor Novoseltsev, John Wilkinson, Pascal Terjan
+ Igor Novoseltsev, John Wilkinson, Pascal Terjan, Steve Roskowski
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/transfer.c b/lib/transfer.c
index 80eda3d33e..35443bf2fd 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -132,7 +132,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
   if(data->req.upload_chunky) {
     /* if chunked Transfer-Encoding */
     buffersize -= (8 + 2 + 2);   /* 32bit hex + CRLF + CRLF */
-    data->req.upload_fromhere += 10; /* 32bit hex + CRLF */
+    data->req.upload_fromhere += (8 + 2); /* 32bit hex + CRLF */
   }
 
   /* this function returns a size_t, so we typecast to int to prevent warnings
@@ -149,6 +149,10 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
     struct SingleRequest *k = &data->req;
     /* CURL_READFUNC_PAUSE pauses read callbacks that feed socket writes */
     k->keepon |= KEEP_WRITE_PAUSE; /* mark socket send as paused */
+    if(data->req.upload_chunky) {
+      /* Back out the preallocation done above */
+      data->req.upload_fromhere -= (8 + 2);
+    }
     *nreadp = 0;
     return CURLE_OK; /* nothing was read */
   }
@@ -168,7 +172,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
     data->req.upload_fromhere -= hexlen;
     nread += hexlen;
 
-    /* copy the prefix to the buffer */
+    /* copy the prefix to the buffer, leaving out the NUL */
     memcpy(data->req.upload_fromhere, hexbuffer, hexlen);
 
     /* always append CRLF to the data */
-- 
GitLab