From 7b1a22147e97e06316ca8707d6177fa9187d7550 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 13 Dec 2007 10:00:06 +0000
Subject: [PATCH] David Wright filed bug report #1849764
 (http://curl.haxx.se/bug/view.cgi?id=1849764) with an included fix. He
 identified a problem for re-used connections that previously had sent Expect:
 100-continue and in some situations the subsequent POST (that didn't use
 Expect:) still had the internal flag set for its use. David's fix (that makes
 the setting of the flag in every single request unconditionally) is fine and
 is now used!

---
 CHANGES       |  9 +++++++++
 RELEASE-NOTES |  3 ++-
 lib/http.c    | 22 ++++++++++++----------
 3 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 6ce94b139b..7921bcb5c7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,15 @@
                                   Changelog
 
 
+Daniel S (13 Dec 2007)
+- David Wright filed bug report #1849764
+  (http://curl.haxx.se/bug/view.cgi?id=1849764) with an included fix. He
+  identified a problem for re-used connections that previously had sent
+  Expect: 100-continue and in some situations the subsequent POST (that didn't
+  use Expect:) still had the internal flag set for its use. David's fix (that
+  makes the setting of the flag in every single request unconditionally) is
+  fine and is now used!
+
 Daniel S (12 Dec 2007)
 - Gilles Blanc made the curl tool enable SO_KEEPALIVE for the connections and
   added the --no-keep-alive option that can disable that on demand.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a1f1d7a389..6714b8dcd9 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -35,6 +35,7 @@ This release includes the following bugfixes:
  o no longer default-appends ;type= on FTP URLs thru proxies
  o SSL session id caching
  o POST with callback over proxy requiring NTLM or Digest
+ o Expect: 100-continue flaw on re-used connection with POSTs
 
 This release includes the following known bugs:
 
@@ -55,6 +56,6 @@ advice from friends like these:
  Dan Fandrich, Gisle Vanem, Toby Peterson, Yang Tse, Daniel Black,
  Robin Johnson, Michal Marek, Ates Goral, Andres Garcia, Rob Crittenden,
  Emil Romanus, Alessandro Vesely, Ray Pekowski, Spacen Jasset, Andrew Moise,
- Gilles Blanc
+ Gilles Blanc, David Wright
  
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/http.c b/lib/http.c
index 7f3ff35a31..e41a8f7501 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2613,17 +2613,19 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
           return result;
       }
 
-      if(data->set.postfields) {
+      /* For really small posts we don't use Expect: headers at all, and for
+         the somewhat bigger ones we allow the app to disable it. Just make
+         sure that the expect100header is always set to the preferred value
+         here. */
+      if(postsize > TINY_INITIAL_POST_SIZE) {
+        result = expect100(data, req_buffer);
+        if(result)
+          return result;
+      }
+      else
+        data->state.expect100header = FALSE;
 
-        /* for really small posts we don't use Expect: headers at all, and for
-           the somewhat bigger ones we allow the app to disable it */
-        if(postsize > TINY_INITIAL_POST_SIZE) {
-          result = expect100(data, req_buffer);
-          if(result)
-            return result;
-        }
-        else
-          data->state.expect100header = FALSE;
+      if(data->set.postfields) {
 
         if(!data->state.expect100header &&
            (postsize < MAX_INITIAL_POST_SIZE))  {