1 files changed, 380 insertions, 0 deletions
diff --git a/meta/recipes-support/curl/curl/CVE-2023-28322.patch b/meta/recipes-support/curl/curl/CVE-2023-28322.patch
new file mode 100644
index 0000000000..9351a2c286
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-28322.patch
@@ -0,0 +1,380 @@
+CVE: CVE-2023-28322
+Upstream-Status: Backport [ import patch from ubuntu curl_7.68.0-1ubuntu2.20
+upstream https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+Backport of:
+From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 25 Apr 2023 08:28:01 +0200
+Subject: [PATCH] lib: unify the upload/method handling
+By making sure we set state.upload based on the set.method value and not
+independently as set.upload, we reduce confusion and mixup risks, both
+internally and externally.
+Closes #11017
+---
+ lib/curl_rtmp.c    | 4 ++--
+ lib/file.c         | 4 ++--
+ lib/ftp.c          | 8 ++++----
+ lib/http.c         | 4 ++--
+ lib/imap.c         | 6 +++---
+ lib/rtsp.c         | 4 ++--
+ lib/setopt.c       | 6 ++----
+ lib/smb.c          | 6 +++---
+ lib/smtp.c         | 4 ++--
+ lib/tftp.c         | 8 ++++----
+ lib/transfer.c     | 4 ++--
+ lib/urldata.h      | 2 +-
+ lib/vssh/libssh.c  | 6 +++---
+ lib/vssh/libssh2.c | 6 +++---
+ lib/vssh/wolfssh.c | 2 +-
+ 15 files changed, 36 insertions(+), 38 deletions(-)
+--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
+@@ -213,7 +213,7 @@ static CURLcode rtmp_connect(struct conn
+   /* We have to know if it's a write before we send the
+    * connect request packet
+    */
+-  if(conn->data->set.upload)
+  if(conn->data->state.upload)
+     r->Link.protocol |= RTMP_FEATURE_WRITE;
+ 
+   /* For plain streams, use the buffer toggle trick to keep data flowing */
+@@ -245,7 +245,7 @@ static CURLcode rtmp_do(struct connectda
+   if(!RTMP_ConnectStream(r, 0))
+     return CURLE_FAILED_INIT;
+ 
+-  if(conn->data->set.upload) {
+  if(conn->data->state.upload) {
+     Curl_pgrsSetUploadSize(data, data->state.infilesize);
+     Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET);
+   }
+--- a/lib/file.c
+++ b/lib/file.c
+@@ -198,7 +198,7 @@ static CURLcode file_connect(struct conn
+   file->freepath = real_path; /* free this when done */
+ 
+   file->fd = fd;
+-  if(!data->set.upload && (fd == -1)) {
+  if(!data->state.upload && (fd == -1)) {
+     failf(data, "Couldn't open file %s", data->state.up.path);
+     file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE);
+     return CURLE_FILE_COULDNT_READ_FILE;
+@@ -390,7 +390,7 @@ static CURLcode file_do(struct connectda
+ 
+   Curl_pgrsStartNow(data);
+ 
+-  if(data->set.upload)
+  if(data->state.upload)
+     return file_upload(conn);
+ 
+   file = conn->data->req.protop;
+--- a/lib/ftp.c
+++ b/lib/ftp.c
+@@ -1371,7 +1371,7 @@ static CURLcode ftp_state_prepare_transf
+                 data->set.str[STRING_CUSTOMREQUEST]:
+                 (data->set.ftp_list_only?"NLST":"LIST"));
+       }
+-      else if(data->set.upload) {
+      else if(data->state.upload) {
+         PPSENDF(&conn->proto.ftpc.pp, "PRET STOR %s", conn->proto.ftpc.file);
+       }
+       else {
+@@ -3303,7 +3303,7 @@ static CURLcode ftp_done(struct connectd
+     /* the response code from the transfer showed an error already so no
+        use checking further */
+     ;
+-  else if(data->set.upload) {
+  else if(data->state.upload) {
+     if((-1 != data->state.infilesize) &&
+        (data->state.infilesize != data->req.writebytecount) &&
+        !data->set.crlf &&
+@@ -3570,7 +3570,7 @@ static CURLcode ftp_do_more(struct conne
+                            connected back to us */
+       }
+     }
+-    else if(data->set.upload) {
+    else if(data->state.upload) {
+       result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE);
+       if(result)
+         return result;
+@@ -4209,7 +4209,7 @@ CURLcode ftp_parse_url_path(struct conne
+     ftpc->file = NULL; /* instead of point to a zero byte,
+                             we make it a NULL pointer */
+ 
+-  if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
+  if(data->state.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
+     /* We need a file name when uploading. Return error! */
+     failf(data, "Uploading to a URL without a file name!");
+     free(rawPath);
+--- a/lib/http.c
+++ b/lib/http.c
+@@ -2080,7 +2080,7 @@ CURLcode Curl_http(struct connectdata *c
+   }
+ 
+   if((conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_FTP)) &&
+-     data->set.upload) {
+     data->state.upload) {
+     httpreq = HTTPREQ_PUT;
+   }
+ 
+@@ -2261,7 +2261,7 @@ CURLcode Curl_http(struct connectdata *c
+     if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
+        (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) &&
+          http->postsize < 0) ||
+-        ((data->set.upload || httpreq == HTTPREQ_POST) &&
+        ((data->state.upload || httpreq == HTTPREQ_POST) &&
+          data->state.infilesize == -1))) {
+       if(conn->bits.authneg)
+         /* don't enable chunked during auth neg */
+--- a/lib/imap.c
+++ b/lib/imap.c
+@@ -1469,11 +1469,11 @@ static CURLcode imap_done(struct connect
+     result = status;         /* use the already set error code */
+   }
+   else if(!data->set.connect_only && !imap->custom &&
+-          (imap->uid || imap->mindex || data->set.upload ||
+          (imap->uid || imap->mindex || data->state.upload ||
+           data->set.mimepost.kind != MIMEKIND_NONE)) {
+     /* Handle responses after FETCH or APPEND transfer has finished */
+ 
+-    if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
+    if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE)
+       state(conn, IMAP_FETCH_FINAL);
+     else {
+       /* End the APPEND command first by sending an empty line */
+@@ -1539,7 +1539,7 @@ static CURLcode imap_perform(struct conn
+     selected = TRUE;
+ 
+   /* Start the first command in the DO phase */
+-  if(conn->data->set.upload || data->set.mimepost.kind != MIMEKIND_NONE)
+  if(conn->data->state.upload || data->set.mimepost.kind != MIMEKIND_NONE)
+     /* APPEND can be executed directly */
+     result = imap_perform_append(conn);
+   else if(imap->custom && (selected || !imap->mailbox))
+--- a/lib/rtsp.c
+++ b/lib/rtsp.c
+@@ -499,7 +499,7 @@ static CURLcode rtsp_do(struct connectda
+      rtspreq == RTSPREQ_SET_PARAMETER ||
+      rtspreq == RTSPREQ_GET_PARAMETER) {
+ 
+-    if(data->set.upload) {
+    if(data->state.upload) {
+       putsize = data->state.infilesize;
+       data->set.httpreq = HTTPREQ_PUT;
+ 
+@@ -518,7 +518,7 @@ static CURLcode rtsp_do(struct connectda
+         result =
+           Curl_add_bufferf(&req_buffer,
+                            "Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
+-                           (data->set.upload ? putsize : postsize));
+                           (data->state.upload ? putsize : postsize));
+         if(result)
+           return result;
+       }
+--- a/lib/setopt.c
+++ b/lib/setopt.c
+@@ -258,8 +258,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *
+      * We want to sent data to the remote host. If this is HTTP, that equals
+      * using the PUT request.
+      */
+-    data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
+-    if(data->set.upload) {
+    arg = va_arg(param, long);
+    if(arg) {
+       /* If this is HTTP, PUT is what's needed to "upload" */
+       data->set.httpreq = HTTPREQ_PUT;
+       data->set.opt_no_body = FALSE; /* this is implied */
+@@ -486,7 +486,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *
+     }
+     else
+       data->set.httpreq = HTTPREQ_GET;
+-    data->set.upload = FALSE;
+     break;
+ 
+   case CURLOPT_COPYPOSTFIELDS:
+@@ -797,7 +796,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *
+      */
+     if(va_arg(param, long)) {
+       data->set.httpreq = HTTPREQ_GET;
+-      data->set.upload = FALSE; /* switch off upload */
+       data->set.opt_no_body = FALSE; /* this is implied */
+     }
+     break;
+--- a/lib/smb.c
+++ b/lib/smb.c
+@@ -516,7 +516,7 @@ static CURLcode smb_send_open(struct con
+   byte_count = strlen(req->path);
+   msg.name_length = smb_swap16((unsigned short)byte_count);
+   msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
+-  if(conn->data->set.upload) {
+  if(conn->data->state.upload) {
+     msg.access = smb_swap32(SMB_GENERIC_READ | SMB_GENERIC_WRITE);
+     msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
+   }
+@@ -792,7 +792,7 @@ static CURLcode smb_request_state(struct
+     smb_m = (const struct smb_nt_create_response*) msg;
+     req->fid = smb_swap16(smb_m->fid);
+     conn->data->req.offset = 0;
+-    if(conn->data->set.upload) {
+    if(conn->data->state.upload) {
+       conn->data->req.size = conn->data->state.infilesize;
+       Curl_pgrsSetUploadSize(conn->data, conn->data->req.size);
+       next_state = SMB_UPLOAD;
+--- a/lib/smtp.c
+++ b/lib/smtp.c
+@@ -1210,7 +1210,7 @@ static CURLcode smtp_done(struct connect
+     result = status;         /* use the already set error code */
+   }
+   else if(!data->set.connect_only && data->set.mail_rcpt &&
+-          (data->set.upload || data->set.mimepost.kind)) {
+          (data->state.upload || data->set.mimepost.kind)) {
+     /* Calculate the EOB taking into account any terminating CRLF from the
+        previous line of the email or the CRLF of the DATA command when there
+        is "no mail data". RFC-5321, sect. 4.1.1.4.
+@@ -1297,7 +1297,7 @@ static CURLcode smtp_perform(struct conn
+   smtp->eob = 2;
+ 
+   /* Start the first command in the DO phase */
+-  if((data->set.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
+  if((data->state.upload || data->set.mimepost.kind) && data->set.mail_rcpt)
+     /* MAIL transfer */
+     result = smtp_perform_mail(conn);
+   else
+--- a/lib/tftp.c
+++ b/lib/tftp.c
+@@ -390,7 +390,7 @@ static CURLcode tftp_parse_option_ack(tf
+ 
+       /* tsize should be ignored on upload: Who cares about the size of the
+          remote file? */
+-      if(!data->set.upload) {
+      if(!data->state.upload) {
+         if(!tsize) {
+           failf(data, "invalid tsize -:%s:- value in OACK packet", value);
+           return CURLE_TFTP_ILLEGAL;
+@@ -470,7 +470,7 @@ static CURLcode tftp_send_first(tftp_sta
+       return result;
+     }
+ 
+-    if(data->set.upload) {
+    if(data->state.upload) {
+       /* If we are uploading, send an WRQ */
+       setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
+       state->conn->data->req.upload_fromhere =
+@@ -505,7 +505,7 @@ static CURLcode tftp_send_first(tftp_sta
+     if(!data->set.tftp_no_options) {
+       char buf[64];
+       /* add tsize option */
+-      if(data->set.upload && (data->state.infilesize != -1))
+      if(data->state.upload && (data->state.infilesize != -1))
+         msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
+                   data->state.infilesize);
+       else
+@@ -559,7 +559,7 @@ static CURLcode tftp_send_first(tftp_sta
+     break;
+ 
+   case TFTP_EVENT_OACK:
+-    if(data->set.upload) {
+    if(data->state.upload) {
+       result = tftp_connect_for_tx(state, event);
+     }
+     else {
+--- a/lib/transfer.c
+++ b/lib/transfer.c
+@@ -1405,6 +1405,7 @@ void Curl_init_CONNECT(struct Curl_easy
+ {
+   data->state.fread_func = data->set.fread_func_set;
+   data->state.in = data->set.in_set;
+  data->state.upload = (data->set.httpreq == HTTPREQ_PUT);
+ }
+ 
+ /*
+@@ -1816,7 +1817,7 @@ CURLcode Curl_retry_request(struct conne
+ 
+   /* if we're talking upload, we can't do the checks below, unless the protocol
+      is HTTP as when uploading over HTTP we will still get a response */
+-  if(data->set.upload &&
+  if(data->state.upload &&
+      !(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)))
+     return CURLE_OK;
+ 
+--- a/lib/urldata.h
+++ b/lib/urldata.h
+@@ -1427,6 +1427,7 @@ struct UrlState {
+   BIT(stream_depends_e); /* set or don't set the Exclusive bit */
+   BIT(previouslypending); /* this transfer WAS in the multi->pending queue */
+   BIT(cookie_engine);
+  BIT(upload);         /* upload request */
+ };
+ 
+ 
+@@ -1762,7 +1763,6 @@ struct UserDefined {
+   BIT(http_auto_referer); /* set "correct" referer when following
+                              location: */
+   BIT(opt_no_body);    /* as set with CURLOPT_NOBODY */
+-  BIT(upload);         /* upload request */
+   BIT(verbose);        /* output verbosity */
+   BIT(krb);            /* Kerberos connection requested */
+   BIT(reuse_forbid);   /* forbidden to be reused, close after use */
+--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
+@@ -1076,7 +1076,7 @@ static CURLcode myssh_statemach_act(stru
+     }
+ 
+     case SSH_SFTP_TRANS_INIT:
+-      if(data->set.upload)
+      if(data->state.upload)
+         state(conn, SSH_SFTP_UPLOAD_INIT);
+       else {
+         if(protop->path[strlen(protop->path)-1] == '/')
+@@ -1686,7 +1686,7 @@ static CURLcode myssh_statemach_act(stru
+       /* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */
+       ssh_set_blocking(sshc->ssh_session, 1);
+ 
+-      if(data->set.upload) {
+      if(data->state.upload) {
+         if(data->state.infilesize < 0) {
+           failf(data, "SCP requires a known file size for upload");
+           sshc->actualcode = CURLE_UPLOAD_FAILED;
+@@ -1787,7 +1787,7 @@ static CURLcode myssh_statemach_act(stru
+         break;
+       }
+     case SSH_SCP_DONE:
+-      if(data->set.upload)
+      if(data->state.upload)
+         state(conn, SSH_SCP_SEND_EOF);
+       else
+         state(conn, SSH_SCP_CHANNEL_FREE);
+--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
+@@ -1664,7 +1664,7 @@ static CURLcode ssh_statemach_act(struct
+     }
+ 
+     case SSH_SFTP_TRANS_INIT:
+-      if(data->set.upload)
+      if(data->state.upload)
+         state(conn, SSH_SFTP_UPLOAD_INIT);
+       else {
+         if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
+@@ -2366,7 +2366,7 @@ static CURLcode ssh_statemach_act(struct
+         break;
+       }
+ 
+-      if(data->set.upload) {
+      if(data->state.upload) {
+         if(data->state.infilesize < 0) {
+           failf(data, "SCP requires a known file size for upload");
+           sshc->actualcode = CURLE_UPLOAD_FAILED;
+@@ -2504,7 +2504,7 @@ static CURLcode ssh_statemach_act(struct
+     break;
+ 
+     case SSH_SCP_DONE:
+-      if(data->set.upload)
+      if(data->state.upload)
+         state(conn, SSH_SCP_SEND_EOF);
+       else
+         state(conn, SSH_SCP_CHANNEL_FREE);

diff --git a/meta/recipes-support/curl/curl/CVE-2023-28322.patch b/meta/recipes-support/curl/curl/CVE-2023-28322.patch new file mode 100644 index 0000000000..9351a2c286 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2023-28322.patch
@@ -0,0 +1,380 @@
	1	CVE: CVE-2023-28322
	2	Upstream-Status: Backport [ import patch from ubuntu curl_7.68.0-1ubuntu2.20
	3	upstream https://github.com/curl/curl/commit/7815647d6582c0a4900be2e1de ]
	4	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
	5
	6	Backport of:
	7
	8	From 7815647d6582c0a4900be2e1de6c5e61272c496b Mon Sep 17 00:00:00 2001
	9	From: Daniel Stenberg <daniel@haxx.se>
	10	Date: Tue, 25 Apr 2023 08:28:01 +0200
	11	Subject: [PATCH] lib: unify the upload/method handling
	12
	13	By making sure we set state.upload based on the set.method value and not
	14	independently as set.upload, we reduce confusion and mixup risks, both
	15	internally and externally.
	16
	17	Closes #11017
	18	---
	19	lib/curl_rtmp.c \| 4 ++--
	20	lib/file.c \| 4 ++--
	21	lib/ftp.c \| 8 ++++----
	22	lib/http.c \| 4 ++--
	23	lib/imap.c \| 6 +++---
	24	lib/rtsp.c \| 4 ++--
	25	lib/setopt.c \| 6 ++----
	26	lib/smb.c \| 6 +++---
	27	lib/smtp.c \| 4 ++--
	28	lib/tftp.c \| 8 ++++----
	29	lib/transfer.c \| 4 ++--
	30	lib/urldata.h \| 2 +-
	31	lib/vssh/libssh.c \| 6 +++---
	32	lib/vssh/libssh2.c \| 6 +++---
	33	lib/vssh/wolfssh.c \| 2 +-
	34	15 files changed, 36 insertions(+), 38 deletions(-)
	35
	36	--- a/lib/curl_rtmp.c
	37	+++ b/lib/curl_rtmp.c
	38	@@ -213,7 +213,7 @@ static CURLcode rtmp_connect(struct conn
	39	/* We have to know if it's a write before we send the
	40	* connect request packet
	41	*/
	42	- if(conn->data->set.upload)
	43	+ if(conn->data->state.upload)
	44	r->Link.protocol \|= RTMP_FEATURE_WRITE;
	45
	46	/* For plain streams, use the buffer toggle trick to keep data flowing */
	47	@@ -245,7 +245,7 @@ static CURLcode rtmp_do(struct connectda
	48	if(!RTMP_ConnectStream(r, 0))
	49	return CURLE_FAILED_INIT;
	50
	51	- if(conn->data->set.upload) {
	52	+ if(conn->data->state.upload) {
	53	Curl_pgrsSetUploadSize(data, data->state.infilesize);
	54	Curl_setup_transfer(data, -1, -1, FALSE, FIRSTSOCKET);
	55	}
	56	--- a/lib/file.c
	57	+++ b/lib/file.c
	58	@@ -198,7 +198,7 @@ static CURLcode file_connect(struct conn
	59	file->freepath = real_path; /* free this when done */
	60
	61	file->fd = fd;
	62	- if(!data->set.upload && (fd == -1)) {
	63	+ if(!data->state.upload && (fd == -1)) {
	64	failf(data, "Couldn't open file %s", data->state.up.path);
	65	file_done(conn, CURLE_FILE_COULDNT_READ_FILE, FALSE);
	66	return CURLE_FILE_COULDNT_READ_FILE;
	67	@@ -390,7 +390,7 @@ static CURLcode file_do(struct connectda
	68
	69	Curl_pgrsStartNow(data);
	70
	71	- if(data->set.upload)
	72	+ if(data->state.upload)
	73	return file_upload(conn);
	74
	75	file = conn->data->req.protop;
	76	--- a/lib/ftp.c
	77	+++ b/lib/ftp.c
	78	@@ -1371,7 +1371,7 @@ static CURLcode ftp_state_prepare_transf
	79	data->set.str[STRING_CUSTOMREQUEST]:
	80	(data->set.ftp_list_only?"NLST":"LIST"));
	81	}
	82	- else if(data->set.upload) {
	83	+ else if(data->state.upload) {
	84	PPSENDF(&conn->proto.ftpc.pp, "PRET STOR %s", conn->proto.ftpc.file);
	85	}
	86	else {
	87	@@ -3303,7 +3303,7 @@ static CURLcode ftp_done(struct connectd
	88	/* the response code from the transfer showed an error already so no
	89	use checking further */
	90	;
	91	- else if(data->set.upload) {
	92	+ else if(data->state.upload) {
	93	if((-1 != data->state.infilesize) &&
	94	(data->state.infilesize != data->req.writebytecount) &&
	95	!data->set.crlf &&
	96	@@ -3570,7 +3570,7 @@ static CURLcode ftp_do_more(struct conne
	97	connected back to us */
	98	}
	99	}
	100	- else if(data->set.upload) {
	101	+ else if(data->state.upload) {
	102	result = ftp_nb_type(conn, data->set.prefer_ascii, FTP_STOR_TYPE);
	103	if(result)
	104	return result;
	105	@@ -4209,7 +4209,7 @@ CURLcode ftp_parse_url_path(struct conne
	106	ftpc->file = NULL; /* instead of point to a zero byte,
	107	we make it a NULL pointer */
	108
	109	- if(data->set.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
	110	+ if(data->state.upload && !ftpc->file && (ftp->transfer == FTPTRANSFER_BODY)) {
	111	/* We need a file name when uploading. Return error! */
	112	failf(data, "Uploading to a URL without a file name!");
	113	free(rawPath);
	114	--- a/lib/http.c
	115	+++ b/lib/http.c
	116	@@ -2080,7 +2080,7 @@ CURLcode Curl_http(struct connectdata *c
	117	}
	118
	119	if((conn->handler->protocol&(PROTO_FAMILY_HTTP\|CURLPROTO_FTP)) &&
	120	- data->set.upload) {
	121	+ data->state.upload) {
	122	httpreq = HTTPREQ_PUT;
	123	}
	124
	125	@@ -2261,7 +2261,7 @@ CURLcode Curl_http(struct connectdata *c
	126	if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
	127	(((httpreq == HTTPREQ_POST_MIME \|\| httpreq == HTTPREQ_POST_FORM) &&
	128	http->postsize < 0) \|\|
	129	- ((data->set.upload \|\| httpreq == HTTPREQ_POST) &&
	130	+ ((data->state.upload \|\| httpreq == HTTPREQ_POST) &&
	131	data->state.infilesize == -1))) {
	132	if(conn->bits.authneg)
	133	/* don't enable chunked during auth neg */
	134	--- a/lib/imap.c
	135	+++ b/lib/imap.c
	136	@@ -1469,11 +1469,11 @@ static CURLcode imap_done(struct connect
	137	result = status; /* use the already set error code */
	138	}
	139	else if(!data->set.connect_only && !imap->custom &&
	140	- (imap->uid \|\| imap->mindex \|\| data->set.upload \|\|
	141	+ (imap->uid \|\| imap->mindex \|\| data->state.upload \|\|
	142	data->set.mimepost.kind != MIMEKIND_NONE)) {
	143	/* Handle responses after FETCH or APPEND transfer has finished */
	144
	145	- if(!data->set.upload && data->set.mimepost.kind == MIMEKIND_NONE)
	146	+ if(!data->state.upload && data->set.mimepost.kind == MIMEKIND_NONE)
	147	state(conn, IMAP_FETCH_FINAL);
	148	else {
	149	/* End the APPEND command first by sending an empty line */
	150	@@ -1539,7 +1539,7 @@ static CURLcode imap_perform(struct conn
	151	selected = TRUE;
	152
	153	/* Start the first command in the DO phase */
	154	- if(conn->data->set.upload \|\| data->set.mimepost.kind != MIMEKIND_NONE)
	155	+ if(conn->data->state.upload \|\| data->set.mimepost.kind != MIMEKIND_NONE)
	156	/* APPEND can be executed directly */
	157	result = imap_perform_append(conn);
	158	else if(imap->custom && (selected \|\| !imap->mailbox))
	159	--- a/lib/rtsp.c
	160	+++ b/lib/rtsp.c
	161	@@ -499,7 +499,7 @@ static CURLcode rtsp_do(struct connectda
	162	rtspreq == RTSPREQ_SET_PARAMETER \|\|
	163	rtspreq == RTSPREQ_GET_PARAMETER) {
	164
	165	- if(data->set.upload) {
	166	+ if(data->state.upload) {
	167	putsize = data->state.infilesize;
	168	data->set.httpreq = HTTPREQ_PUT;
	169
	170	@@ -518,7 +518,7 @@ static CURLcode rtsp_do(struct connectda
	171	result =
	172	Curl_add_bufferf(&req_buffer,
	173	"Content-Length: %" CURL_FORMAT_CURL_OFF_T"\r\n",
	174	- (data->set.upload ? putsize : postsize));
	175	+ (data->state.upload ? putsize : postsize));
	176	if(result)
	177	return result;
	178	}
	179	--- a/lib/setopt.c
	180	+++ b/lib/setopt.c
	181	@@ -258,8 +258,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *
	182	* We want to sent data to the remote host. If this is HTTP, that equals
	183	* using the PUT request.
	184	*/
	185	- data->set.upload = (0 != va_arg(param, long)) ? TRUE : FALSE;
	186	- if(data->set.upload) {
	187	+ arg = va_arg(param, long);
	188	+ if(arg) {
	189	/* If this is HTTP, PUT is what's needed to "upload" */
	190	data->set.httpreq = HTTPREQ_PUT;
	191	data->set.opt_no_body = FALSE; /* this is implied */
	192	@@ -486,7 +486,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *
	193	}
	194	else
	195	data->set.httpreq = HTTPREQ_GET;
	196	- data->set.upload = FALSE;
	197	break;
	198
	199	case CURLOPT_COPYPOSTFIELDS:
	200	@@ -797,7 +796,6 @@ CURLcode Curl_vsetopt(struct Curl_easy *
	201	*/
	202	if(va_arg(param, long)) {
	203	data->set.httpreq = HTTPREQ_GET;
	204	- data->set.upload = FALSE; /* switch off upload */
	205	data->set.opt_no_body = FALSE; /* this is implied */
	206	}
	207	break;
	208	--- a/lib/smb.c
	209	+++ b/lib/smb.c
	210	@@ -516,7 +516,7 @@ static CURLcode smb_send_open(struct con
	211	byte_count = strlen(req->path);
	212	msg.name_length = smb_swap16((unsigned short)byte_count);
	213	msg.share_access = smb_swap32(SMB_FILE_SHARE_ALL);
	214	- if(conn->data->set.upload) {
	215	+ if(conn->data->state.upload) {
	216	msg.access = smb_swap32(SMB_GENERIC_READ \| SMB_GENERIC_WRITE);
	217	msg.create_disposition = smb_swap32(SMB_FILE_OVERWRITE_IF);
	218	}
	219	@@ -792,7 +792,7 @@ static CURLcode smb_request_state(struct
	220	smb_m = (const struct smb_nt_create_response*) msg;
	221	req->fid = smb_swap16(smb_m->fid);
	222	conn->data->req.offset = 0;
	223	- if(conn->data->set.upload) {
	224	+ if(conn->data->state.upload) {
	225	conn->data->req.size = conn->data->state.infilesize;
	226	Curl_pgrsSetUploadSize(conn->data, conn->data->req.size);
	227	next_state = SMB_UPLOAD;
	228	--- a/lib/smtp.c
	229	+++ b/lib/smtp.c
	230	@@ -1210,7 +1210,7 @@ static CURLcode smtp_done(struct connect
	231	result = status; /* use the already set error code */
	232	}
	233	else if(!data->set.connect_only && data->set.mail_rcpt &&
	234	- (data->set.upload \|\| data->set.mimepost.kind)) {
	235	+ (data->state.upload \|\| data->set.mimepost.kind)) {
	236	/* Calculate the EOB taking into account any terminating CRLF from the
	237	previous line of the email or the CRLF of the DATA command when there
	238	is "no mail data". RFC-5321, sect. 4.1.1.4.
	239	@@ -1297,7 +1297,7 @@ static CURLcode smtp_perform(struct conn
	240	smtp->eob = 2;
	241
	242	/* Start the first command in the DO phase */
	243	- if((data->set.upload \|\| data->set.mimepost.kind) && data->set.mail_rcpt)
	244	+ if((data->state.upload \|\| data->set.mimepost.kind) && data->set.mail_rcpt)
	245	/* MAIL transfer */
	246	result = smtp_perform_mail(conn);
	247	else
	248	--- a/lib/tftp.c
	249	+++ b/lib/tftp.c
	250	@@ -390,7 +390,7 @@ static CURLcode tftp_parse_option_ack(tf
	251
	252	/* tsize should be ignored on upload: Who cares about the size of the
	253	remote file? */
	254	- if(!data->set.upload) {
	255	+ if(!data->state.upload) {
	256	if(!tsize) {
	257	failf(data, "invalid tsize -:%s:- value in OACK packet", value);
	258	return CURLE_TFTP_ILLEGAL;
	259	@@ -470,7 +470,7 @@ static CURLcode tftp_send_first(tftp_sta
	260	return result;
	261	}
	262
	263	- if(data->set.upload) {
	264	+ if(data->state.upload) {
	265	/* If we are uploading, send an WRQ */
	266	setpacketevent(&state->spacket, TFTP_EVENT_WRQ);
	267	state->conn->data->req.upload_fromhere =
	268	@@ -505,7 +505,7 @@ static CURLcode tftp_send_first(tftp_sta
	269	if(!data->set.tftp_no_options) {
	270	char buf[64];
	271	/* add tsize option */
	272	- if(data->set.upload && (data->state.infilesize != -1))
	273	+ if(data->state.upload && (data->state.infilesize != -1))
	274	msnprintf(buf, sizeof(buf), "%" CURL_FORMAT_CURL_OFF_T,
	275	data->state.infilesize);
	276	else
	277	@@ -559,7 +559,7 @@ static CURLcode tftp_send_first(tftp_sta
	278	break;
	279
	280	case TFTP_EVENT_OACK:
	281	- if(data->set.upload) {
	282	+ if(data->state.upload) {
	283	result = tftp_connect_for_tx(state, event);
	284	}
	285	else {
	286	--- a/lib/transfer.c
	287	+++ b/lib/transfer.c
	288	@@ -1405,6 +1405,7 @@ void Curl_init_CONNECT(struct Curl_easy
	289	{
	290	data->state.fread_func = data->set.fread_func_set;
	291	data->state.in = data->set.in_set;
	292	+ data->state.upload = (data->set.httpreq == HTTPREQ_PUT);
	293	}
	294
	295	/*
	296	@@ -1816,7 +1817,7 @@ CURLcode Curl_retry_request(struct conne
	297
	298	/* if we're talking upload, we can't do the checks below, unless the protocol
	299	is HTTP as when uploading over HTTP we will still get a response */
	300	- if(data->set.upload &&
	301	+ if(data->state.upload &&
	302	!(conn->handler->protocol&(PROTO_FAMILY_HTTP\|CURLPROTO_RTSP)))
	303	return CURLE_OK;
	304
	305	--- a/lib/urldata.h
	306	+++ b/lib/urldata.h
	307	@@ -1427,6 +1427,7 @@ struct UrlState {
	308	BIT(stream_depends_e); /* set or don't set the Exclusive bit */
	309	BIT(previouslypending); /* this transfer WAS in the multi->pending queue */
	310	BIT(cookie_engine);
	311	+ BIT(upload); /* upload request */
	312	};
	313
	314
	315	@@ -1762,7 +1763,6 @@ struct UserDefined {
	316	BIT(http_auto_referer); /* set "correct" referer when following
	317	location: */
	318	BIT(opt_no_body); /* as set with CURLOPT_NOBODY */
	319	- BIT(upload); /* upload request */
	320	BIT(verbose); /* output verbosity */
	321	BIT(krb); /* Kerberos connection requested */
	322	BIT(reuse_forbid); /* forbidden to be reused, close after use */
	323	--- a/lib/vssh/libssh.c
	324	+++ b/lib/vssh/libssh.c
	325	@@ -1076,7 +1076,7 @@ static CURLcode myssh_statemach_act(stru
	326	}
	327
	328	case SSH_SFTP_TRANS_INIT:
	329	- if(data->set.upload)
	330	+ if(data->state.upload)
	331	state(conn, SSH_SFTP_UPLOAD_INIT);
	332	else {
	333	if(protop->path[strlen(protop->path)-1] == '/')
	334	@@ -1686,7 +1686,7 @@ static CURLcode myssh_statemach_act(stru
	335	/* Functions from the SCP subsystem cannot handle/return SSH_AGAIN */
	336	ssh_set_blocking(sshc->ssh_session, 1);
	337
	338	- if(data->set.upload) {
	339	+ if(data->state.upload) {
	340	if(data->state.infilesize < 0) {
	341	failf(data, "SCP requires a known file size for upload");
	342	sshc->actualcode = CURLE_UPLOAD_FAILED;
	343	@@ -1787,7 +1787,7 @@ static CURLcode myssh_statemach_act(stru
	344	break;
	345	}
	346	case SSH_SCP_DONE:
	347	- if(data->set.upload)
	348	+ if(data->state.upload)
	349	state(conn, SSH_SCP_SEND_EOF);
	350	else
	351	state(conn, SSH_SCP_CHANNEL_FREE);
	352	--- a/lib/vssh/libssh2.c
	353	+++ b/lib/vssh/libssh2.c
	354	@@ -1664,7 +1664,7 @@ static CURLcode ssh_statemach_act(struct
	355	}
	356
	357	case SSH_SFTP_TRANS_INIT:
	358	- if(data->set.upload)
	359	+ if(data->state.upload)
	360	state(conn, SSH_SFTP_UPLOAD_INIT);
	361	else {
	362	if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
	363	@@ -2366,7 +2366,7 @@ static CURLcode ssh_statemach_act(struct
	364	break;
	365	}
	366
	367	- if(data->set.upload) {
	368	+ if(data->state.upload) {
	369	if(data->state.infilesize < 0) {
	370	failf(data, "SCP requires a known file size for upload");
	371	sshc->actualcode = CURLE_UPLOAD_FAILED;
	372	@@ -2504,7 +2504,7 @@ static CURLcode ssh_statemach_act(struct
	373	break;
	374
	375	case SSH_SCP_DONE:
	376	- if(data->set.upload)
	377	+ if(data->state.upload)
	378	state(conn, SSH_SCP_SEND_EOF);
	379	else
	380	state(conn, SSH_SCP_CHANNEL_FREE);