Nikitinskit Dmitriy filed bug report #1868255

(http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies
and fixes a problem with parsing WWW-Authenticate: headers with additional
spaces in the line that the parser wasn't written to deal with.

CHANGES

@@ -6,6 +6,12 @@
 
                                   Changelog
 
+Daniel S (10 Jan 2008)
+- Nikitinskit Dmitriy filed bug report #1868255
+  (http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies
+  and fixes a problem with parsing WWW-Authenticate: headers with additional
+  spaces in the line that the parser wasn't written to deal with.
+
 Daniel S (8 Jan 2008)
 - Introducing curl_easy_pause() and new magic return codes for both the read
   and the write callbacks that now can make a connection's reading and/or

RELEASE-NOTES

@@ -46,6 +46,7 @@ This release includes the following bugfixes:
  o --libcurl now generates a return statement as well
  o socklen_t is no longer used in the public includes
  o time zone offsets from -1400 to +1400 are now accepted by the date parser
+ o allows more spaces in WWW/Proxy-Authenticate: headers
 
 This release includes the following known bugs:
 

lib/http_digest.c

@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -180,6 +180,9 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
         break; /* we're done here */
 
       header += totlen;
+      /* pass all additional spaces here */
+      while(*header && ISSPACE(*header))
+        header++;
       if(',' == *header)
         /* allow the list to be comma-separated */
         header++;