curl-library
"re-using connection with authentication" fix
Date: Fri, 20 Jul 2007 16:01:04 +0200
Hi,
Some months ago, I posted a bug report on the mailing list:
http://curl.haxx.se/mail/lib-2007-03/0041.html
See below for a possible fix by Chris Flerackers.
kind regards,
Sigrid
Scenario
--------
- Performing a POST request with body
- With authentication (only Digest)
- Re-using a connection
libcurl would send an HTTP POST with an Authorization header but without
body. Our server would return 400 Bad Request in that case (because
authentication passed, but the body was empty).
Cause
-----
1) http_digest.c -> Curl_output_digest
- Updates allocptr.userpwd/allocptr.proxyuserpwd *only* if d->nonce is
filled in (and no errors)
- authp->done = TRUE if d->nonce is filled in
2) http.c -> Curl_http
- *Always* uses allocptr.userpwd/allocptr.proxyuserpwd if not NULL
3) http.c -> Curl_http, Curl_http_output_auth
So what happens is that Curl_output_digest cannot yet update the
Authorization header (allocptr.userpwd) which results in
authhost->done=0 -> authhost->multi=1 -> conn->bits.authneg = TRUE.
The body is not added. *However*, allocptr.userpwd is still used when
building the request.
Fix
---
- allocptr.userpwd/allocptr.proxyuserpwd must be freed/zeroed when authhost->done=0
See possible patch attached
--
Best regards,
Chris
Index: lib/http_digest.c
===================================================================
--- lib/http_digest.c (revision 21065)
+++ lib/http_digest.c (working copy)
@@ -266,6 +266,12 @@
authp = &data->state.authhost;
}
+ if (*allocuserpwd)
+ {
+ Curl_safefree(*allocuserpwd);
+ *allocuserpwd = NULL;
+ }
+
/* not set means empty */
if(!userp)
userp=(char *)"";
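Review bot: the block added at the top of this hunk has no comment saying why the previous header is thrown away before any digest state has been checked, and that ordering is the whole point of the change; a one-line comment along the lines of "drop any header left from an earlier request so it is not sent again while negotiation is pending" would keep a later cleanup from moving the free back down. The `if (*allocuserpwd)` guard also looks unnecessary, since the line removed in the second hunk called `Curl_safefree(*allocuserpwd);` with no NULL check, and the brace on its own line and the `if (` spacing differ from the `if(!userp)` context line just below.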
@@ -388,8 +394,6 @@
nonce="1053604145", uri="/64", response="c55f7f30d83d774a3d2dcacf725abaca"
*/
- Curl_safefree(*allocuserpwd);
-
if (d->qop) {
*allocuserpwd =
aprintf( "%sAuthorization: Digest "
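Review bot: with `Curl_safefree(*allocuserpwd);` gone from directly above the `*allocuserpwd =` assignment, this code now depends on the block added near line 266 having released the old string, and nothing at this spot says so. The lines between the two hunks are not shown, so it is worth confirming that nothing in between can assign `*allocuserpwd`, or simply keeping the free next to the `aprintf` call, which the removed line shows was already made without a NULL check.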
Received on 2007-07-20
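
The state described under Cause and Fix, as an added example that is not part of the original message or of libcurl: a simplified C model of why the second POST carries an Authorization header but no body, and what clearing the pointer up front changes. The names `model_conn`, `model_output_digest`, `model_build_request`, `second_request_flags` and the `fixed` switch are hypothetical, the header is a static string rather than allocated memory, and the missing nonce on the second request is a constructed condition.

```c
/* Simplified model of the state described above; not libcurl source.
   Header storage is a static string here, so "freeing" is just NULL. */
#include <stdio.h>

enum { HAS_AUTH = 1, HAS_BODY = 2 };

struct model_conn {
  const char *userpwd; /* stands in for allocptr.userpwd */
  int authneg;         /* stands in for conn->bits.authneg */
};

/* Stand-in for Curl_output_digest: returns 1 (done) only with a nonce.
   fixed=1 clears the old header up front, as the patch does. */
static int model_output_digest(struct model_conn *c, const char *nonce, int fixed)
{
  if(fixed)
    c->userpwd = NULL;
  if(!nonce)
    return 0; /* early exit: unpatched code leaves the old header */
  c->userpwd = "Authorization: Digest (constructed)\r\n";
  return 1;
}

/* Stand-in for Curl_http: header sent whenever non-NULL, body only
   when no negotiation is pending. */
static int model_build_request(struct model_conn *c, const char *nonce, int fixed)
{
  int flags = 0;
  c->authneg = !model_output_digest(c, nonce, fixed);
  if(c->userpwd)
    flags |= HAS_AUTH;
  if(!c->authneg)
    flags |= HAS_BODY;
  return flags;
}

/* Two POSTs on one connection; the second has no nonce available. */
static int second_request_flags(int fixed)
{
  struct model_conn c = { NULL, 0 };
  model_build_request(&c, "constructed-nonce", fixed);
  return model_build_request(&c, NULL, fixed);
}

int main(void)
{
  printf("unpatched=%d patched=%d\n", second_request_flags(0), second_request_flags(1));
  return 0;
}
```

In the unpatched model the second request comes out as `HAS_AUTH` alone, which is the header-without-body request the server answered with 400; with the early clear it carries neither, so the bodyless request is an ordinary unauthenticated negotiation step.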