Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTP POST/PUT request with NTLM authentication leads to HTTP Status 411 Length required

From: Isaac Boukris <iboukris_at_gmail.com>
Date: Fri, 3 Feb 2017 01:14:13 +0200

On Thu, Feb 2, 2017 at 2:16 PM, Hölzl, Dominik
<Dominik.Hoelzl_at_fabasoft.com> wrote:
> Hello!
>
>
>
> I have the following problem:
>
>
>
> I want to perform an HTTP POST request, PUT request or another custom
> request (CURLOPT_CUSTOMREQUEST) with some data (CURLOPT_UPLOAD,
> CURLOPT_INFILESIZE_LARGE) with using NTLM authentication (CURLOPT_HTTPAUTH
> CURLAUTH_NTLM, CURLOPT_USERPWD).
>
>
>
> But the request fails with 411 Length required (Server: IIS 6.2), if this is
> the first request of a CURL-handle.
>
> Performing a GET request always works as expected.
>
>
>
> WireShark shows, that cURL removes the “Content-Length” header in the NTLM
> challenge request and therefore the Server complains about the missing
> header.
>
> Adding the “Content-Length” header additionally to the request does not
> help. If I add a “Content-Length-X”-Header, I can see in WireShark that this
> header survives, but the Content-Length header is missing.
>
> Adding a “Expect: 100-continue” header does not help either.
>
>
>
>
>
> Regarding to the change-logs this bug has been fixed in version 7.19.6
> (https://curl.haxx.se/changes.html#7_19_6):
>
> Bugfixes:
>
> · …
>
> · set Content-Length: with POST and PUT failed with NTLM auth
>
> · …
>
>
>
> I have following discussion about this bug found:
>
> http://marc.info/?t=107172137000001&r=1&w=2
>
>
>
>
>
> If I use cURL Library version 7.19.6 where this bug was initially fixed the
> problem disappears and the request works as expected.
>
>
>
> If I use cURL Library version 7.49.1 or the latest Version, 7.52.1, the
> request fails with 411 Length required as mentioned above.
>
> It seems some changes to cURL broke that. I did not test in which version
> the bug reappeared.
>
>
>
>
>
> Do you have any suggestions how to work around that problem? I want to use
> the latest cURL Library version for security reasons.

Can you show us how to reproduce this (code sample or curl command)?
It doesn't reproduce by me.

There is some logic in curl to set Content-Length:0 in the initial
request of ntlm connections (in order
to avoid having to send the data to be discarded), but that should be
ok, example:
curl -v -uavi:zubur1 --ntlm -Fa=b http://httpbin.org/post

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-02-03