mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
Dave Dribin made libcurl understand and handle cases when the server
(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should never happen in a sane world, libcurl previously got into an infinite loop when this occurred. Dave added test 273 to verify this.
This commit is contained in:
parent
034d80f6cd
commit
be9c873a6e
5
CHANGES
5
CHANGES
@ -9,6 +9,11 @@
|
|||||||
|
|
||||||
|
|
||||||
Daniel (20 October 2005)
|
Daniel (20 October 2005)
|
||||||
|
- Dave Dribin made libcurl understand and handle cases when the server
|
||||||
|
(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
|
||||||
|
never happen in a sane world, libcurl previously got into an infinite loop
|
||||||
|
when this occurred. Dave added test 273 to verify this.
|
||||||
|
|
||||||
- Temprimus improved the MSVC makefile: "makes a build option available so if
|
- Temprimus improved the MSVC makefile: "makes a build option available so if
|
||||||
you set rtlibcfg=static for the make, then it would build with /MT. The
|
you set rtlibcfg=static for the make, then it would build with /MT. The
|
||||||
default behaviour is /MD (the original)."
|
default behaviour is /MD (the original)."
|
||||||
|
@ -15,6 +15,7 @@ This release includes the following changes:
|
|||||||
|
|
||||||
This release includes the following bugfixes:
|
This release includes the following bugfixes:
|
||||||
|
|
||||||
|
o double WWW-Authenticate Digest headers are now handled
|
||||||
o curl-config --vernum fixed
|
o curl-config --vernum fixed
|
||||||
|
|
||||||
Other curl-related news since the previous public release:
|
Other curl-related news since the previous public release:
|
||||||
|
@ -621,6 +621,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
|
|||||||
#endif
|
#endif
|
||||||
#ifndef CURL_DISABLE_CRYPTO_AUTH
|
#ifndef CURL_DISABLE_CRYPTO_AUTH
|
||||||
if(checkprefix("Digest", start)) {
|
if(checkprefix("Digest", start)) {
|
||||||
|
if((authp->avail & CURLAUTH_DIGEST) != 0) {
|
||||||
|
infof(data, "Ignoring duplicate digest auth header.\n");
|
||||||
|
}
|
||||||
|
else {
|
||||||
CURLdigest dig;
|
CURLdigest dig;
|
||||||
*availp |= CURLAUTH_DIGEST;
|
*availp |= CURLAUTH_DIGEST;
|
||||||
authp->avail |= CURLAUTH_DIGEST;
|
authp->avail |= CURLAUTH_DIGEST;
|
||||||
@ -635,6 +639,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
|
|||||||
data->state.authproblem = TRUE;
|
data->state.authproblem = TRUE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
if(checkprefix("Basic", start)) {
|
if(checkprefix("Basic", start)) {
|
||||||
|
@ -33,4 +33,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
|
|||||||
test237 test238 test239 test243 test245 test246 test247 test248 test249 \
|
test237 test238 test239 test243 test245 test246 test247 test248 test249 \
|
||||||
test250 test251 test252 test253 test254 test255 test521 test522 test523 \
|
test250 test251 test252 test253 test254 test255 test521 test522 test523 \
|
||||||
test256 test257 test258 test259 test260 test261 test262 test263 test264 \
|
test256 test257 test258 test259 test260 test261 test262 test263 test264 \
|
||||||
test265 test266 test267 test268 test269 test270 test271 test272
|
test265 test266 test267 test268 test269 test270 test271 test272 test273
|
||||||
|
76
tests/data/test273
Normal file
76
tests/data/test273
Normal file
@ -0,0 +1,76 @@
|
|||||||
|
<info>
|
||||||
|
<keywords>
|
||||||
|
HTTP
|
||||||
|
HTTP GET
|
||||||
|
HTTP Digest auth
|
||||||
|
</keywords>
|
||||||
|
</info>
|
||||||
|
# Server-side
|
||||||
|
<reply>
|
||||||
|
<data>
|
||||||
|
HTTP/1.1 401 Authorization Required swsclose
|
||||||
|
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||||
|
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||||
|
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||||
|
Content-Type: text/html; charset=iso-8859-1
|
||||||
|
|
||||||
|
This is not the real page
|
||||||
|
</data>
|
||||||
|
|
||||||
|
# This is supposed to be returned when the server gets a
|
||||||
|
# Authorization: Digest line passed-in from the client
|
||||||
|
<data1000>
|
||||||
|
HTTP/1.1 200 OK swsclose
|
||||||
|
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||||
|
Content-Type: text/html; charset=iso-8859-1
|
||||||
|
|
||||||
|
This IS the real page!
|
||||||
|
</data1000>
|
||||||
|
|
||||||
|
<datacheck>
|
||||||
|
HTTP/1.1 401 Authorization Required swsclose
|
||||||
|
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||||
|
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||||
|
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||||
|
Content-Type: text/html; charset=iso-8859-1
|
||||||
|
|
||||||
|
HTTP/1.1 200 OK swsclose
|
||||||
|
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||||
|
Content-Type: text/html; charset=iso-8859-1
|
||||||
|
|
||||||
|
This IS the real page!
|
||||||
|
</datacheck>
|
||||||
|
|
||||||
|
</reply>
|
||||||
|
|
||||||
|
# Client-side
|
||||||
|
<client>
|
||||||
|
<server>
|
||||||
|
http
|
||||||
|
</server>
|
||||||
|
<name>
|
||||||
|
HTTP with two Digest authorization headers
|
||||||
|
</name>
|
||||||
|
<command>
|
||||||
|
http://%HOSTIP:%HTTPPORT/273 -u testuser:testpass --digest
|
||||||
|
</command>
|
||||||
|
</client>
|
||||||
|
|
||||||
|
# Verify data after the test has been "shot"
|
||||||
|
<verify>
|
||||||
|
<strip>
|
||||||
|
^User-Agent:.*
|
||||||
|
</strip>
|
||||||
|
<protocol>
|
||||||
|
GET /273 HTTP/1.1
|
||||||
|
Host: 127.0.0.1:%HTTPPORT
|
||||||
|
Accept: */*
|
||||||
|
|
||||||
|
GET /273 HTTP/1.1
|
||||||
|
Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/273", response="576ae57b1db0039f8c0de43ef58e49e3"
|
||||||
|
User-Agent: curl/7.10.5 (i686-pc-linux-gnu) libcurl/7.10.5 OpenSSL/0.9.7a ipv6 zlib/1.1.3
|
||||||
|
Host: 127.0.0.1:%HTTPPORT
|
||||||
|
Accept: */*
|
||||||
|
|
||||||
|
</protocol>
|
||||||
|
</verify>
|
Loading…
Reference in New Issue
Block a user