Commit f16bed0 broke the ability to use the --create-dirs to create folders from a service running as system (not sure if that is a unique case or not). The service calls curl The command below fails with this change, reverting the change fixes the issue.
"C:\Program Files (x86)\curl\curl.exe" -k -L -o "D:\temp\system\curl.exe.tmp" -D "D:\temp\system\curl.exe.hdr" --create-dirs https://10.10.1.1/Download/curl.exe, creates the folder but then errors out and fails to download the file(s) this is whether the folder(s) existed or not.
We are calling curl from the service via CreateProcess(exeName, argList, &saProc, &saThread,
FALSE, CREATE_BREAKAWAY_FROM_JOB, NULL, NULL, &si, &piProc);
folder temp\system to be created and curl.exe to be downloaded into it. Folder does get created but then it fails to download the file and errors with the message You don't have permission to create D:.
- When creating a directory hierarchy do not error when mkdir fails due
to error EACCESS (13) "access denied".
Some file systems allow for directory traversal; in this case that it
should be possible to create child directories when permission to the
parent directory is restricted.
This is a regression caused by me in f16bed0 (precedes curl-7_61_1).
Basically I had assumed that if a directory already existed it would
fail only with error EEXIST, and not error EACCES. The latter may
happen if the directory exists but has certain restricted permissions.
create_dir_hierarchy erroneously attempts to create the drive's current directory which may not exist, and if it does exist may be access denied. This is specific to Windows/MSDOS which stores a per-process table of drives and their current directories. For example your outfile D:\temp\system\curl.exe.tmp is broken down and mkdir called on each token:
D: represents the current directory so it's calling mkdir D: which could be D:\foo\bar or whatever for all we know. Although in this case we'll assume it's actually D:\ which would cause access denied. Prior versions of curl work because they ignored access denied errors and allowed for directory traversal, which is acceptable with the outfile path. The changes I made restore that behavior (without the race condition whose fix caused this regression) and also I added a check for current directory drives to skip them. In other words no longer mkdir D: there's no reason for that.