moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-13 13:05:03 -05:00
Code Issues Releases Wiki Activity

http: fix the check for 'Authorization' with Bearer

Browse Source 
The code would wrongly check for it using an additional colon.

Reported-by: Blake Burkhart
Closes #6988
This commit is contained in:
Daniel Stenberg 2021-05-01 23:38:15 +02:00
parent 3a6058cb97
commit 8b9de77cd2
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/http.c
View File

@ -740,7 +740,7 @@ output_auth_headers(struct Curl_easy *data,
if(authstatus->picked == CURLAUTH_BEARER) { if(authstatus->picked == CURLAUTH_BEARER) {
/* Bearer */ /* Bearer */
if((!proxy && data->set.str[STRING_BEARER] && if((!proxy && data->set.str[STRING_BEARER] &&
!Curl_checkheaders(data, "Authorization:"))) { !Curl_checkheaders(data, "Authorization"))) {
auth = "Bearer"; auth = "Bearer";
result = http_output_bearer(data); result = http_output_bearer(data);
if(result) if(result)

2
lib/transfer.c
View File

@ -99,6 +99,8 @@ char *Curl_checkheaders(const struct Curl_easy *data,
{ {
struct curl_slist *head; struct curl_slist *head;
size_t thislen = strlen(thisheader); size_t thislen = strlen(thisheader);
DEBUGASSERT(thislen);
DEBUGASSERT(thisheader[thislen-1] != ':');
for(head = data->set.headers; head; head = head->next) { for(head = data->set.headers; head; head = head->next) {
if(strncasecompare(head->data, thisheader, thislen) && if(strncasecompare(head->data, thisheader, thislen) &&