curl-library
[PATCH] http: avoid auth failure on a duplicated header
From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 9 May 2014 07:34:15 +0200
... 'WWW-Authenticate: Negotiate' received from server
Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348
--- RELEASE-NOTES | 2 ++ lib/http.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index f535d52..1261fe4 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -57,20 +57,21 @@ This release includes the following bugfixes: o INFILESIZE: fields in UserDefined must not be changed run-time o openssl: biomem->data is not zero terminated o config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and up o curl_ntlm_core: Fixed use of long long for VC6 and VC7 o SNI: strip off a single trailing dot from host name [12] o curl: bail on cookie use when built with disabled cookies o curl_easy_setopt.3: added the proto for CURLOPT_SSH_KNOWNHOSTS o curl_multi_cleanup: ignore SIGPIPE better [13] o schannel: don't use the connect-timeout during send [14] o mprintf: allow %.s with data not being zero terminated + o http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header [15] This release includes the following known bugs: o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html) This release would not have looked like this without help, code, reports and advice from friends like these: Cody Mack, Damian Dixon, Dan Fandrich, Daniel Johnson, Daniel Stenberg, Dilyan Palauzov, Jeff King, Jeroen Koekkoek, Kamil Dudka, Leon Winter, @@ -89,10 +90,11 @@ References to bug reports and discussions on issues: [5] = http://curl.haxx.se/mail/lib-2014-04/0053.html [6] = http://curl.haxx.se/mail/lib-2014-04/0063.html [7] = http://curl.haxx.se/mail/lib-2014-04/0067.html [8] = http://curl.haxx.se/mail/lib-2014-04/0159.html [9] = http://curl.haxx.se/bug/view.cgi?id=1362 [10] = http://curl.haxx.se/mail/lib-2014-04/0145.html [11] = https://github.com/bagder/curl/pull/97 [12] = http://curl.haxx.se/mail/lib-2014-04/0161.html [13] = http://thread.gmane.org/gmane.comp.version-control.git/238242 [14] = http://curl.haxx.se/bug/view.cgi?id=1352 + [15] = https://bugzilla.redhat.com/1093348 
diff --git a/lib/http.c b/lib/http.c index fb43349..937d241 100644 --- a/lib/http.c +++ b/lib/http.c @@ -773,21 +773,21 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, *availp |= CURLAUTH_GSSNEGOTIATE; authp->avail |= CURLAUTH_GSSNEGOTIATE; if(authp->picked == CURLAUTH_GSSNEGOTIATE) { if(data->state.negotiate.state == GSS_AUTHSENT) { /* if we sent GSS authentication in the outgoing request and we get this back, we're in trouble */ infof(data, "Authentication problem. Ignoring this.\n"); data->state.authproblem = TRUE; } - else { + else if(data->state.negotiate.state == GSS_AUTHNONE) { neg = Curl_input_negotiate(conn, proxy, auth); if(neg == 0) { DEBUGASSERT(!data->req.newurl); data->req.newurl = strdup(data->change.url); if(!data->req.newurl) return CURLE_OUT_OF_MEMORY; data->state.authproblem = FALSE; /* we received GSS auth info and we dealt with it fine */ data->state.negotiate.state = GSS_AUTHRECV; } -- 1.8.3.1 ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2014-05-09
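Review bot: In the lib/http.c hunk, narrowing the `else` to `else if(data->state.negotiate.state == GSS_AUTHNONE)` means every other state, including GSS_AUTHRECV set a few lines further down once the first header has been handled, now falls through with no comment and no log output, so a reader cannot tell that a repeated 'WWW-Authenticate: Negotiate' header is being skipped on purpose. A one-line comment above the condition stating that the header is only processed while the state is GSS_AUTHNONE, plus a trailing else with an infof() noting the ignored duplicate, would make the behaviour visible in verbose output. That path also leaves data->state.authproblem at whatever value it already had, which is worth stating explicitly in that comment. The diffstat lists only RELEASE-NOTES and lib/http.c, so a test case in which the server sends the header twice should accompany this change to keep it from regressing.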