cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS upload bug using Darwin SSL

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Thu, 24 Jan 2013 13:04:52 -0700

On Jan 23, 2013, at 5:14 PM, Bruno de Carvalho <kindernade_at_gmail.com> wrote:

> I've recently come across what seems to be a reproducible bug when uploading medium sized files (~1.5MB+) to an HTTPS server, when using libcurl v7.28.1 built with Darwin SSL support.
>
> Somewhere in the darwin SSL "glue" the contents of an upload seem to get corrupted and the request ends up sending more data than it should.

Thanks for finding this. I was able to reproduce the problem, and found out what's going on: The data is written out using write() as normal, but at some point write() is failing and setting errno to EAGAIN, meaning "I'd send this but then I'd block for too long," causing SSLWrite() to return errSSLWouldBlock, causing darwinssl_send() to return -1 and the code CURLE_AGAIN. But SSLWrite() actually succeeded in sending the data to the server prior to the EAGAIN, and returning the way we do causes libcurl to send the same data twice. Oops!

Try applying this patch to the code in the trunk. I changed darwinssl_send() so that, if it gets errSSLWouldBlock again, and it did succeed in sending at least one byte, then it returns the number of bytes it sent off prior to the EAGAIN occurring. And now I'm wondering why the OpenSSL code doesn't do this. Anyway, the sample project you created works for me after the patch. Does it work as expected in your project now?

Nick Zitzmann
<http://www.chronosnet.com/>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2013-01-24