Hi,

With current curl code, calling

curl_easy_setopt(handle, CURLOPT_USERPWD, "newuser:newpass");

on an recycled handle will not override previously set (user,password)
credentials if we are dealing with an underlying keep-alive reused
connection. Is this behavior intentional? Is it needed perhaps for NTLM
or some such connection-oriented thing like?

I am hoping that is not the case, since it would force me to keep track
of this special case and close connections when that really should not
be necessary. Please consider the attached patch that fixes things to be
I would consider more natural behavior.

The attached patch is diffed against current cvs, but is untested. An
equivalent patch against 7.12.1 was lightly tested with Basic
authentication and it worked for me.

Harshal

Index: url.c
===================================================================
RCS file: /cvsroot/curl/curl/lib/url.c,v
retrieving revision 1.432
diff -u -p -1 -0 -r1.432 url.c
--- url.c 13 Dec 2004 16:43:00 -0000 1.432
+++ url.c 14 Dec 2004 13:08:34 -0000
@@ -3124,21 +3124,38 @@ static CURLcode CreateConnection(struct
 
     /* free the SSL config struct from this connection struct as this was
        allocated in vain and is targeted for destruction */
     Curl_free_ssl_config(&conn->ssl_config);
 
     conn = conn_temp; /* use this connection from now on */
 
     /* get the user+password information from the old_conn struct since it may
      * be new for this request even when we re-use an existing connection */
     conn->bits.user_passwd = old_conn->bits.user_passwd;
+ if (conn->bits.user_passwd) {
+ Curl_safefree(conn->user);
+ Curl_safefree(conn->passwd);
+ conn->user = old_conn->user;
+ conn->passwd = old_conn->passwd;
+ old_conn->user = NULL;
+ old_conn->passwd = NULL;
+ }
+
     conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
+ if (conn->bits.proxy_user_passwd) {
+ Curl_safefree(conn->proxyuser);
+ Curl_safefree(conn->proxypasswd);
+ conn->proxyuser = old_conn->proxyuser;
+ conn->proxypasswd = old_conn->proxypasswd;
+ old_conn->proxyuser = NULL;
+ old_conn->proxypasswd = NULL;
+ }
 
     /* host can change, when doing keepalive with a proxy ! */
     if (conn->bits.httpproxy) {
       free(conn->host.rawalloc);
       conn->host=old_conn->host;
     }
 
     /* get the newly set value, not the old one */
     conn->bits.no_body = old_conn->bits.no_body;
 
Received on 2004-12-14