
Curl_http_input_auth: require valid separator after negotiation type

Closes #6993
Harry Sintonen 2021-05-03 00:04:39 +03:00 committed by Daniel Stenberg
parent 8b9de77cd2
commit b75620b9a0
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -897,6 +897,11 @@ Curl_http_output_auth(struct Curl_easy *data,
* proxy CONNECT loop. * proxy CONNECT loop.
*/ */
static int is_valid_auth_separator(char ch)
{
return ch == '\0' || ch == ',' || ISSPACE(ch);
}
CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
const char *auth) /* the first non-space */ const char *auth) /* the first non-space */
{ {
@ -940,7 +945,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
while(*auth) { while(*auth) {
#ifdef USE_SPNEGO #ifdef USE_SPNEGO
if(checkprefix("Negotiate", auth)) { if(checkprefix("Negotiate", auth) && is_valid_auth_separator(auth[9])) {
if((authp->avail & CURLAUTH_NEGOTIATE) || if((authp->avail & CURLAUTH_NEGOTIATE) ||
Curl_auth_is_spnego_supported()) { Curl_auth_is_spnego_supported()) {
*availp |= CURLAUTH_NEGOTIATE; *availp |= CURLAUTH_NEGOTIATE;
@ -966,7 +971,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
#endif #endif
#ifdef USE_NTLM #ifdef USE_NTLM
/* NTLM support requires the SSL crypto libs */ /* NTLM support requires the SSL crypto libs */
if(checkprefix("NTLM", auth)) { if(checkprefix("NTLM", auth) && is_valid_auth_separator(auth[4])) {
if((authp->avail & CURLAUTH_NTLM) || if((authp->avail & CURLAUTH_NTLM) ||
(authp->avail & CURLAUTH_NTLM_WB) || (authp->avail & CURLAUTH_NTLM_WB) ||
Curl_auth_is_ntlm_supported()) { Curl_auth_is_ntlm_supported()) {
@ -1004,7 +1009,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
else else
#endif #endif
#ifndef CURL_DISABLE_CRYPTO_AUTH #ifndef CURL_DISABLE_CRYPTO_AUTH
if(checkprefix("Digest", auth)) { if(checkprefix("Digest", auth) && is_valid_auth_separator(auth[6])) {
if((authp->avail & CURLAUTH_DIGEST) != 0) if((authp->avail & CURLAUTH_DIGEST) != 0)
infof(data, "Ignoring duplicate digest auth header.\n"); infof(data, "Ignoring duplicate digest auth header.\n");
else if(Curl_auth_is_digest_supported()) { else if(Curl_auth_is_digest_supported()) {
@ -1026,7 +1031,8 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
} }
else else
#endif #endif
if(checkprefix("Basic", auth)) { if(checkprefix("Basic", auth) &&
is_valid_auth_separator(auth[5])) {
*availp |= CURLAUTH_BASIC; *availp |= CURLAUTH_BASIC;
authp->avail |= CURLAUTH_BASIC; authp->avail |= CURLAUTH_BASIC;
if(authp->picked == CURLAUTH_BASIC) { if(authp->picked == CURLAUTH_BASIC) {
@ -1039,7 +1045,8 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
} }
} }
else else
if(checkprefix("Bearer", auth)) { if(checkprefix("Bearer", auth) &&
is_valid_auth_separator(auth[6])) {
*availp |= CURLAUTH_BEARER; *availp |= CURLAUTH_BEARER;
authp->avail |= CURLAUTH_BEARER; authp->avail |= CURLAUTH_BEARER;
if(authp->picked == CURLAUTH_BEARER) { if(authp->picked == CURLAUTH_BEARER) {
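Review bot: The new `is_valid_auth_separator` in the first hunk is dropped between the tail of an existing block comment (`* proxy CONNECT loop. */`) and `Curl_http_input_auth`, so that comment — which appears to describe Curl_http_input_auth — now sits directly above the helper instead; either move the helper above the comment or give it its own header, e.g. `/* A scheme name must be followed by end-of-string, a comma or whitespace (RFC 7235 challenge syntax), so e.g. "Negotiatex" no longer matches "Negotiate". */`. The offsets `auth[9]`, `auth[4]`, `auth[6]`, `auth[5]`, `auth[6]` are the scheme lengths typed by hand and have to be kept in step with the string literals; `sizeof("Negotiate") - 1` (or a small helper that takes the scheme name and checks both prefix and separator) would tie them together and make the checks uniform. Reading `auth[len]` is in bounds here only because `checkprefix` has already matched `len` characters, which is worth stating in that comment so a later edit does not reorder the two tests. The remainder of Curl_http_input_auth, including the code that advances `auth` to the next challenge, lies outside these hunks.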