From 0ce484eed901f73cae89e25d9939a249729f15d3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 10 Jan 2008 09:17:07 +0000
Subject: [PATCH] Nikitinskit Dmitriy filed bug report #1868255
 (http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies and
 fixes a problem with parsing WWW-Authenticate: headers with additional spaces
 in the line that the parser wasn't written to deal with.

---
 CHANGES           | 6 ++++++
 RELEASE-NOTES     | 1 +
 lib/http_digest.c | 5 ++++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index c9f6f9326..0ee689945 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
 
                                   Changelog
 
+Daniel S (10 Jan 2008)
+- Nikitinskit Dmitriy filed bug report #1868255
+  (http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies
+  and fixes a problem with parsing WWW-Authenticate: headers with additional
+  spaces in the line that the parser wasn't written to deal with.
+
 Daniel S (8 Jan 2008)
 - Introducing curl_easy_pause() and new magic return codes for both the read
   and the write callbacks that now can make a connection's reading and/or
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index b8c85511e..bcfb898cc 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -46,6 +46,7 @@ This release includes the following bugfixes:
  o --libcurl now generates a return statement as well
  o socklen_t is no longer used in the public includes
  o time zone offsets from -1400 to +1400 are now accepted by the date parser
+ o allows more spaces in WWW/Proxy-Authenticate: headers
 
 This release includes the following known bugs:
 
diff --git a/lib/http_digest.c b/lib/http_digest.c
index e5efd3ef6..14612c527 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -180,6 +180,9 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
         break; /* we're done here */
 
       header += totlen;
+      /* pass all additional spaces here */
+      while(*header && ISSPACE(*header))
+        header++;
       if(',' == *header)
         /* allow the list to be comma-separated */
         header++;