mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
Dave Dribin made libcurl understand and handle cases when the server
(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should never happen in a sane world, libcurl previously got into an infinite loop when this occurred. Dave added test 273 to verify this.
This commit is contained in:
parent
034d80f6cd
commit
be9c873a6e
5
CHANGES
5
CHANGES
@ -9,6 +9,11 @@
|
||||
|
||||
|
||||
Daniel (20 October 2005)
|
||||
- Dave Dribin made libcurl understand and handle cases when the server
|
||||
(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
|
||||
never happen in a sane world, libcurl previously got into an infinite loop
|
||||
when this occurred. Dave added test 273 to verify this.
|
||||
|
||||
- Temprimus improved the MSVC makefile: "makes a build option available so if
|
||||
you set rtlibcfg=static for the make, then it would build with /MT. The
|
||||
default behaviour is /MD (the original)."
|
||||
|
@ -15,6 +15,7 @@ This release includes the following changes:
|
||||
|
||||
This release includes the following bugfixes:
|
||||
|
||||
o double WWW-Authenticate Digest headers are now handled
|
||||
o curl-config --vernum fixed
|
||||
|
||||
Other curl-related news since the previous public release:
|
||||
|
@ -621,6 +621,10 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
|
||||
#endif
|
||||
#ifndef CURL_DISABLE_CRYPTO_AUTH
|
||||
if(checkprefix("Digest", start)) {
|
||||
if((authp->avail & CURLAUTH_DIGEST) != 0) {
|
||||
infof(data, "Ignoring duplicate digest auth header.\n");
|
||||
}
|
||||
else {
|
||||
CURLdigest dig;
|
||||
*availp |= CURLAUTH_DIGEST;
|
||||
authp->avail |= CURLAUTH_DIGEST;
|
||||
@ -635,6 +639,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
|
||||
data->state.authproblem = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
if(checkprefix("Basic", start)) {
|
||||
|
@ -33,4 +33,4 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
|
||||
test237 test238 test239 test243 test245 test246 test247 test248 test249 \
|
||||
test250 test251 test252 test253 test254 test255 test521 test522 test523 \
|
||||
test256 test257 test258 test259 test260 test261 test262 test263 test264 \
|
||||
test265 test266 test267 test268 test269 test270 test271 test272
|
||||
test265 test266 test267 test268 test269 test270 test271 test272 test273
|
||||
|
76
tests/data/test273
Normal file
76
tests/data/test273
Normal file
@ -0,0 +1,76 @@
|
||||
<info>
|
||||
<keywords>
|
||||
HTTP
|
||||
HTTP GET
|
||||
HTTP Digest auth
|
||||
</keywords>
|
||||
</info>
|
||||
# Server-side
|
||||
<reply>
|
||||
<data>
|
||||
HTTP/1.1 401 Authorization Required swsclose
|
||||
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||
Content-Type: text/html; charset=iso-8859-1
|
||||
|
||||
This is not the real page
|
||||
</data>
|
||||
|
||||
# This is supposed to be returned when the server gets a
|
||||
# Authorization: Digest line passed-in from the client
|
||||
<data1000>
|
||||
HTTP/1.1 200 OK swsclose
|
||||
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||
Content-Type: text/html; charset=iso-8859-1
|
||||
|
||||
This IS the real page!
|
||||
</data1000>
|
||||
|
||||
<datacheck>
|
||||
HTTP/1.1 401 Authorization Required swsclose
|
||||
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||
WWW-Authenticate: Digest realm="testrealm", nonce="1053604145"
|
||||
Content-Type: text/html; charset=iso-8859-1
|
||||
|
||||
HTTP/1.1 200 OK swsclose
|
||||
Server: Apache/1.3.27 (Darwin) PHP/4.1.2
|
||||
Content-Type: text/html; charset=iso-8859-1
|
||||
|
||||
This IS the real page!
|
||||
</datacheck>
|
||||
|
||||
</reply>
|
||||
|
||||
# Client-side
|
||||
<client>
|
||||
<server>
|
||||
http
|
||||
</server>
|
||||
<name>
|
||||
HTTP with two Digest authorization headers
|
||||
</name>
|
||||
<command>
|
||||
http://%HOSTIP:%HTTPPORT/273 -u testuser:testpass --digest
|
||||
</command>
|
||||
</client>
|
||||
|
||||
# Verify data after the test has been "shot"
|
||||
<verify>
|
||||
<strip>
|
||||
^User-Agent:.*
|
||||
</strip>
|
||||
<protocol>
|
||||
GET /273 HTTP/1.1
|
||||
Host: 127.0.0.1:%HTTPPORT
|
||||
Accept: */*
|
||||
|
||||
GET /273 HTTP/1.1
|
||||
Authorization: Digest username="testuser", realm="testrealm", nonce="1053604145", uri="/273", response="576ae57b1db0039f8c0de43ef58e49e3"
|
||||
User-Agent: curl/7.10.5 (i686-pc-linux-gnu) libcurl/7.10.5 OpenSSL/0.9.7a ipv6 zlib/1.1.3
|
||||
Host: 127.0.0.1:%HTTPPORT
|
||||
Accept: */*
|
||||
|
||||
</protocol>
|
||||
</verify>
|
Loading…
Reference in New Issue
Block a user