- Anatoli Tubman found and fixed a crash with Negotiate authentication used on

a re-used connection where both requests used Negotiate.
2024-12-21 15:48:49 -05:00 · 2008-03-01 22:32:03 +00:00 · 2008-03-01 22:32:03 +00:00 · 590f0358d8
commit 590f0358d8
parent 115446be37
5 changed files with 17 additions and 6 deletions
--- a/4
+++ b/4
@ -6,6 +6,10 @@

                                  Changelog

+Daniel S (1 Mar 2008)
+- Anatoli Tubman found and fixed a crash with Negotiate authentication used on
+  a re-used connection where both requests used Negotiate.
+
 Guenter Knauf (26 Feb 2008)
 - Kaspar Brand provided a patch to support server name indication (RFC 4366).

--- a/4
+++ b/4
@ -32,6 +32,7 @@ This release includes the following bugfixes:
 o test case 405 failures with GnuTLS builds
 o crash when connection cache size is 1 and Curl_do() failed
 o GnuTLS-built libcurl can now be forced to prefer SSLv3
+ o crash when doing Negotiate again on a re-used connection

 This release includes the following known bugs:

@ -50,6 +51,7 @@ advice from friends like these:

 Michal Marek, Dmitry Kurochkin, Niklas Angebrand, Günter Knauf, Yang Tse,
 Dan Fandrich, Mike Hommey, Pooyan McSporran, Jerome Muffat-Meridol,
- Kaspar Brand, Gautam Kachroo, Zmey Petroff, Georg Lippitsch, Sam Listopad
+ Kaspar Brand, Gautam Kachroo, Zmey Petroff, Georg Lippitsch, Sam Listopad,
+ Anatoli Tubman

        Thanks! (and sorry if I forgot to mention someone)
--- a/2
+++ b/2
@ -6,8 +6,6 @@ To be addressed before 7.18.1 (planned release: April 2008)

 123 - Mike Protts' SFTP resume download

-124 - Anatoli Tubman's fix for a Negotiate: crash
-
 125 - Michal Marek's typechecker-gcc work

 126 -
--- a/lib/http.c
+++ b/lib/http.c
@ -2358,6 +2358,14 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
                  te
                );

+    /*
+     * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM
+     * with basic and digest, it will be freed anyway by the next request
+     */
+
+    Curl_safefree (conn->allocptr.userpwd);
+    conn->allocptr.userpwd = NULL;
+
    if(result)
      return result;

--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -255,7 +255,6 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 {
  struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg:
    &conn->data->state.negotiate;
-  OM_uint32 minor_status;
  char *encoded = NULL;
  int len;

@ -309,7 +308,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
    aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "",
            neg_ctx->protocol, encoded);
  free(encoded);
-  gss_release_buffer(&minor_status, &neg_ctx->output_token);
+  Curl_cleanup_negotiate (conn->data);
  return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK;
 }