Hello

I'm quite new to this list and tried to find information about the issue
around the curl site but didn't. So I'd like to ask this list about the
following issue, presumably a bug.

Issue:
------
If curl encounters a keep-alive failure and had a custom "Host:" header in
the request, the following retry request contains an additional host header
created by curl (beside the custom one). Multiple "Host:" headers in a
request are illegal HTTP and most servers reject such requests.

Libcurl version tested
----------------------
7.12.2 & 7.12.3 on Solaris 8

Details
-------
It seems that libcurl treats a failed keep-alive request (client sends data
on open TCP socket but receives nothing back because server closed the
connection in the meantime) like a normal follow-up URL. The following code
section of transfer.c illustrates this:

<curl source transfer.c line 2122>
  if((conn->keep.bytecount+conn->headerbytecount == 0) &&
    conn->bits.reuse) {
    /* We got no data and we attempted to re-use a connection. This
    might happen if the connection was left alive when we were done
    using it before, but that was closed when we wanted to read
    from it again. Bad luck. Retry the same request on a fresh
    connect! */
    infof(data, "Connection died, retrying a fresh connect\n");
    newurl = strdup(conn->data->change.url);
    conn->bits.close = TRUE; /* close this connection */
    conn->bits.retry = TRUE; /* mark this as a connection we're about
                            to retry. Marking it this way should
                            prevent i.e HTTP transfers to return
                            error just because nothing has been
                            transfered! */
  }
</curl source>

If curl encounters an open keep-alive socket but the server closes it in the
meantime, it performs a retry using the normal Curl_follow() mechanism. But
in http.c (starting line 1461), the follow flag now causes curl to add a new
"Host:" header to the request in spite of the already set custom "Host:"
header. In my tests, I ended up with having both "Host:" headers in the
request: my custom one set for the request when calling curl_easy_perform()
and the one that curl adds automatically.

Suggestion
----------
I'm that familiar with the sources to submit code suggestions for curl. I
guess that curl should treat a failed keep-alive request differently from a
redirect follow request. It should actually resend the same request again on
a fresh socket without any other changes.

I'm interested to hear what you think about this and if anybody else already
experienced this problem.

Best regards,

Cyrill
Received on 2005-01-10