curl-library

[PATCH] http: avoid auth failure on a duplicated header

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 9 May 2014 07:34:15 +0200

... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348

---
 RELEASE-NOTES | 2 ++
 lib/http.c    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index f535d52..1261fe4 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -57,20 +57,21 @@ This release includes the following bugfixes:
  o INFILESIZE: fields in UserDefined must not be changed run-time
  o openssl: biomem->data is not zero terminated
  o config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up
  o curl_ntlm_core: Fixed use of long long for VC6 and VC7
  o SNI: strip off a single trailing dot from host name [12]
  o curl: bail on cookie use when built with disabled cookies
  o curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS
  o curl_multi_cleanup: ignore SIGPIPE better [13]
  o schannel: don't use the connect-timeout during send [14]
  o mprintf: allow %.s with data not being zero terminated
+ o http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header [15]
 
 This release includes the following known bugs:
 
  o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
   Cody Mack, Damian Dixon, Dan Fandrich, Daniel Johnson, Daniel Stenberg,
   Dilyan Palauzov, Jeff King, Jeroen Koekkoek, Kamil Dudka, Leon Winter,
@@ -89,10 +90,11 @@ References to bug reports and discussions on issues:
  [5] = http://curl.haxx.se/mail/lib-2014-04/0053.html
  [6] = http://curl.haxx.se/mail/lib-2014-04/0063.html
  [7] = http://curl.haxx.se/mail/lib-2014-04/0067.html
  [8] = http://curl.haxx.se/mail/lib-2014-04/0159.html
  [9] = http://curl.haxx.se/bug/view.cgi?id=1362
  [10] = http://curl.haxx.se/mail/lib-2014-04/0145.html
  [11] = https://github.com/bagder/curl/pull/97
  [12] = http://curl.haxx.se/mail/lib-2014-04/0161.html
  [13] = http://thread.gmane.org/gmane.comp.version-control.git/238242
  [14] = http://curl.haxx.se/bug/view.cgi?id=1352
+ [15] = https://bugzilla.redhat.com/1093348
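
Review bot: both RELEASE-NOTES additions (the bugfix entry and reference [15]) are appended at the very end of their lists, so they will conflict as soon as any other entry lands first. Consider sending the lib/http.c fix on its own and leaving the RELEASE-NOTES lines to be added at merge time, or expect these two hunks to need regenerating.
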
diff --git a/lib/http.c b/lib/http.c
index fb43349..937d241 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -773,21 +773,21 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
       *availp |= CURLAUTH_GSSNEGOTIATE;
       authp->avail |= CURLAUTH_GSSNEGOTIATE;
 
       if(authp->picked == CURLAUTH_GSSNEGOTIATE) {
         if(data->state.negotiate.state == GSS_AUTHSENT) {
           /* if we sent GSS authentication in the outgoing request and we get
              this back, we're in trouble */
           infof(data, "Authentication problem. Ignoring this.\n");
           data->state.authproblem = TRUE;
         }
-        else {
+        else if(data->state.negotiate.state == GSS_AUTHNONE) {
           neg = Curl_input_negotiate(conn, proxy, auth);
           if(neg == 0) {
             DEBUGASSERT(!data->req.newurl);
             data->req.newurl = strdup(data->change.url);
             if(!data->req.newurl)
               return CURLE_OUT_OF_MEMORY;
             data->state.authproblem = FALSE;
             /* we received GSS auth info and we dealt with it fine */
             data->state.negotiate.state = GSS_AUTHRECV;
           }
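
Review bot: at the new `else if(data->state.negotiate.state == GSS_AUTHNONE)` line, every state other than GSS_AUTHSENT and GSS_AUTHNONE (including GSS_AUTHRECV, which is set a few lines below) now falls through with no branch, no log output and no comment. Add a short comment above the condition stating that a repeated 'WWW-Authenticate: Negotiate' header is deliberately skipped once the first one has been processed, and consider an infof() for that case so the skip shows up in verbose output. The diffstat lists only RELEASE-NOTES and lib/http.c, so no test covers a response carrying the header twice; a test case for that would keep the guard from regressing.
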
-- 
1.8.3.1
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-09