Configuration line with certain lengths ignored #17030

Closed
Acconut opened this issue Apr 11, 2025 · 2 comments

Acconut commented Apr 11, 2025

I did this

I created a configuration file (curl-config.txt) for curl's --config with the following content:

request = "POST"
url = "http://example.com"
verbose
data = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

When saving this file, ensure that there is no trailing newline. Some editors automatically add a trailing newline, so you might have to disable that.

When running curl --config curl-config.txt, the verbose output indicates that curl sent a POST request without any body, ignoring the data instruction:

> POST / HTTP/1.1
> Host: example.com
> User-Agent: curl/8.12.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 411 Length Required
< Mime-Version: 1.0
< Content-Type: text/html
< Content-Length: 326
< Cache-Control: max-age=0
< Date: Fri, 11 Apr 2025 14:24:31 GMT
< Connection: close
< 
<HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
[...]

I discovered that the last line in the configuration is ignored when there is no trailing newline and the last line's length is a multiple of 127. It happens for lines of 254, 381, 508 etc.

If a trailing newline is added or one x is added/removed, curl properly includes the body:

> POST / HTTP/1.1
> Host: example.com
> User-Agent: curl/8.12.1
> Accept: */*
> Content-Length: 117
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 117 bytes
< HTTP/1.1 403 Forbidden
< Mime-Version: 1.0
< Content-Type: text/html
< Content-Length: 361
< Cache-Control: max-age=0
< Date: Fri, 11 Apr 2025 14:36:13 GMT
< Connection: close
< 

I expected the following

Curl should send a request with a non-empty body.

curl/libcurl version

curl 8.12.1 (aarch64-unknown-linux-gnu) libcurl/8.12.1 OpenSSL/3.3.3 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0
Release-Date: 2025-02-13
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

I confirmed that the bug is present in the current master branch. It was not present in curl 8.7.1. Bisecting the changes between these versions led me to believe that d8618f4 introduced the regression. The commit introduced a buffer of size 128, which is suspiciously close to the magic length of 127.

operating system

Linux 5.19.0-46-generic #47-Ubuntu SMP PREEMPT_DYNAMIC Fri Jun 16 13:33:58 UTC 2023 aarch64 GNU/Linux
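
The failure mode reported above, reduced to a stand-alone C program. This is an added example, not curl's source and not code from this issue: it assumes a line reader that pulls input through a 128-byte `fgets()` buffer, and shows one way such a reader loses the final line when end-of-file falls exactly on a 127-byte chunk boundary, next to a corrected variant. The names `get_line` and `count_lines`, the `fixed` switch and the file contents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define CHUNK 128  /* fgets() stores at most CHUNK - 1 = 127 bytes per call */

/* Read one line into out, chunk by chunk; returns 1 if a line was read.
   fixed == 0 reproduces the failure mode, fixed == 1 is the corrected form. */
static int get_line(FILE *in, char *out, size_t outsz, int fixed)
{
  char chunk[CHUNK];
  size_t len = 0;
  out[0] = '\0';
  while(fgets(chunk, sizeof(chunk), in)) {
    size_t n = strlen(chunk);
    if(!n || len + n >= outsz)
      return 0;                  /* embedded NUL or line too long: reject */
    memcpy(out + len, chunk, n + 1);
    len += n;
    if(out[len - 1] == '\n' || feof(in))
      return 1;                  /* newline seen, or short final chunk */
  }
  /* fgets() returned NULL. A final chunk of exactly 127 bytes fills the buffer
     without setting the EOF flag, so such a last line arrives here, len > 0. */
  return fixed ? len > 0 : 0;
}

/* Lines seen in a constructed file: "verbose\n" followed by last_len
   bytes of 'x' with no trailing newline. Returns -1 if no temp file. */
static int count_lines(size_t last_len, int fixed)
{
  char line[1024];
  int count = 0;
  FILE *f = tmpfile();
  if(!f) return -1;
  fputs("verbose\n", f);
  for(size_t i = 0; i < last_len; i++) fputc('x', f);
  rewind(f);
  while(get_line(f, line, sizeof(line), fixed))
    count++;
  fclose(f);
  return count;
}

int main(void)
{
  static const size_t lens[] = { 126, 127, 128, 254, 381 };
  for(size_t i = 0; i < 5; i++)
    printf("%3zu bytes: naive=%d fixed=%d\n", lens[i],
           count_lines(lens[i], 0), count_lines(lens[i], 1));
  return 0;
}
```

A regression test for this class of bug needs inputs without a trailing newline at lengths of exactly one and two chunks, since any other length passes.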

@bagder bagder self-assigned this Apr 11, 2025
@Acconut Acconut changed the title Configuration line with certrain lengths ignored Configuration line with certain lengths ignored Apr 11, 2025
bagder added a commit that referenced this issue Apr 11, 2025
Add test 743 to verify.

Fixes #17030
Reported-by: Marius Kleidl
@bagder bagder closed this as completed in 9f8bdd0 Apr 11, 2025
cole-h (Contributor) commented Apr 12, 2025

Me and my colleagues discovered a very similar bug in the netrc file parsing, but I bisected it to the much earlier 142ac25. I submitted a PR with a fix and test here: #17036

Acconut (Author) commented Apr 14, 2025

Thank you very much for patching this so quickly, Daniel! I can confirm that the problem is gone for the latest master branch.

nbaws pushed a commit to nbaws/curl that referenced this issue Apr 26, 2025
Add test 743 to verify.

Fixes curl#17030
Reported-by: Marius Kleidl
Closes curl#17031