1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00

CONNECT_ONLY: don't close connection on GSS 401/407 reponses

Previously, connections were closed immediately before the user had a
chance to extract the socket when the proxy required Negotiate
authentication.

This regression was brought in with the security fix in commit
79b9d5f1a4

Closes #655
This commit is contained in:
Marcel Raad 2016-02-15 08:58:36 +01:00 committed by Daniel Stenberg
parent e24e1c9cc6
commit c2b3f264cb

View File

@ -1454,8 +1454,10 @@ CURLcode Curl_http_done(struct connectdata *conn,
data->state.negotiate.state == GSS_AUTHSENT) { data->state.negotiate.state == GSS_AUTHSENT) {
/* add forbid re-use if http-code != 401/407 as a WA only needed for /* add forbid re-use if http-code != 401/407 as a WA only needed for
* 401/407 that signal auth failure (empty) otherwise state will be RECV * 401/407 that signal auth failure (empty) otherwise state will be RECV
* with current code */ * with current code.
if((data->req.httpcode != 401) && (data->req.httpcode != 407)) * Do not close CONNECT_ONLY connections. */
if((data->req.httpcode != 401) && (data->req.httpcode != 407) &&
!data->set.connect_only)
connclose(conn, "Negotiate transfer completed"); connclose(conn, "Negotiate transfer completed");
Curl_cleanup_negotiate(data); Curl_cleanup_negotiate(data);
} }