http: move "oauth_bearer" from connectdata to Curl_easy

Fixes the bug where oauth_bearer gets deallocated when we re-use a connection. Closes #4824
2025-02-28 17:31:46 -05:00 · 2020-01-21 10:30:37 +01:00 · 2020-01-21 10:30:37 +01:00 · dea17b519d
commit dea17b519d
parent 1774dbd74c
4 changed files with 13 additions and 23 deletions
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@ -272,6 +272,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
    data->set.str[STRING_SERVICE_NAME] :
    sasl->params->service;
 #endif
+  const char *oauth_bearer = data->set.str[STRING_BEARER];

  sasl->force_ir = force_ir;    /* Latch for future use */
  sasl->authused = 0;           /* No mechanism used yet */
@ -341,7 +342,7 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
      }
    else
 #endif
-    if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
+    if((enabledmechs & SASL_MECH_OAUTHBEARER) && oauth_bearer) {
      mech = SASL_MECH_STRING_OAUTHBEARER;
      state1 = SASL_OAUTH2;
      state2 = SASL_OAUTH2_RESP;
@ -351,17 +352,17 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
        result = Curl_auth_create_oauth_bearer_message(data, conn->user,
                                                       hostname,
                                                       port,
-                                                       conn->oauth_bearer,
+                                                       oauth_bearer,
                                                       &resp, &len);
    }
-    else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
+    else if((enabledmechs & SASL_MECH_XOAUTH2) && oauth_bearer) {
      mech = SASL_MECH_STRING_XOAUTH2;
      state1 = SASL_OAUTH2;
      sasl->authused = SASL_MECH_XOAUTH2;

      if(force_ir || data->set.sasl_ir)
        result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
-                                                        conn->oauth_bearer,
+                                                        oauth_bearer,
                                                        &resp, &len);
    }
    else if(enabledmechs & SASL_MECH_PLAIN) {
@ -431,6 +432,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
  char *serverdata;
 #endif
  size_t len = 0;
+  const char *oauth_bearer = data->set.str[STRING_BEARER];

  *progress = SASL_INPROGRESS;

@ -558,7 +560,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
      result = Curl_auth_create_oauth_bearer_message(data, conn->user,
                                                     hostname,
                                                     port,
-                                                     conn->oauth_bearer,
+                                                     oauth_bearer,
                                                     &resp, &len);

      /* Failures maybe sent by the server as continuations for OAUTHBEARER */
@ -566,7 +568,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
    }
    else
      result = Curl_auth_create_xoauth_bearer_message(data, conn->user,
-                                                      conn->oauth_bearer,
+                                                      oauth_bearer,
                                                      &resp, &len);
    break;

--- a/lib/http.c
+++ b/lib/http.c
@ -344,7 +344,7 @@ static CURLcode http_output_bearer(struct connectdata *conn)
  userp = &conn->allocptr.userpwd;
  free(*userp);
  *userp = aprintf("Authorization: Bearer %s\r\n",
-                   conn->oauth_bearer);
+                   conn->data->set.str[STRING_BEARER]);

  if(!*userp) {
    result = CURLE_OUT_OF_MEMORY;
@ -555,7 +555,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
  CURLcode result = CURLE_OK;
  unsigned long authmask = ~0ul;

-  if(!conn->oauth_bearer)
+  if(!data->set.str[STRING_BEARER])
    authmask &= (unsigned long)~CURLAUTH_BEARER;

  if(100 <= data->req.httpcode && 199 >= data->req.httpcode)
@ -565,7 +565,7 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
  if(data->state.authproblem)
    return data->set.http_fail_on_error?CURLE_HTTP_RETURNED_ERROR:CURLE_OK;

-  if((conn->bits.user_passwd || conn->oauth_bearer) &&
+  if((conn->bits.user_passwd || data->set.str[STRING_BEARER]) &&
     ((data->req.httpcode == 401) ||
      (conn->bits.authneg && data->req.httpcode < 300))) {
    pickhost = pickoneauth(&data->state.authhost, authmask);
@ -641,9 +641,7 @@ output_auth_headers(struct connectdata *conn,
 {
  const char *auth = NULL;
  CURLcode result = CURLE_OK;
-#if !defined(CURL_DISABLE_VERBOSE_STRINGS)
  struct Curl_easy *data = conn->data;
-#endif

 #ifdef CURL_DISABLE_CRYPTO_AUTH
  (void)request;
@ -707,7 +705,7 @@ output_auth_headers(struct connectdata *conn,
  }
  if(authstatus->picked == CURLAUTH_BEARER) {
    /* Bearer */
-    if((!proxy && conn->oauth_bearer &&
+    if((!proxy && data->set.str[STRING_BEARER] &&
        !Curl_checkheaders(conn, "Authorization:"))) {
      auth = "Bearer";
      result = http_output_bearer(conn);
@ -765,7 +763,7 @@ Curl_http_output_auth(struct connectdata *conn,
  authproxy = &data->state.authproxy;

  if((conn->bits.httpproxy && conn->bits.proxy_user_passwd) ||
-     conn->bits.user_passwd || conn->oauth_bearer)
+     conn->bits.user_passwd || data->set.str[STRING_BEARER])
    /* continue please */;
  else {
    authhost->done = TRUE;
--- a/lib/url.c
+++ b/lib/url.c
@ -721,7 +721,6 @@ static void conn_free(struct connectdata *conn)

  Curl_safefree(conn->user);
  Curl_safefree(conn->passwd);
-  Curl_safefree(conn->oauth_bearer);
  Curl_safefree(conn->sasl_authzid);
  Curl_safefree(conn->options);
  Curl_safefree(conn->http_proxy.user);
@ -3343,14 +3342,6 @@ static CURLcode create_conn(struct Curl_easy *data,
  if(result)
    goto out;

-  if(data->set.str[STRING_BEARER]) {
-    conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
-    if(!conn->oauth_bearer) {
-      result = CURLE_OUT_OF_MEMORY;
-      goto out;
-    }
-  }
-
  if(data->set.str[STRING_SASL_AUTHZID]) {
    conn->sasl_authzid = strdup(data->set.str[STRING_SASL_AUTHZID]);
    if(!conn->sasl_authzid) {
--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -906,7 +906,6 @@ struct connectdata {
  char *passwd;  /* password string, allocated */
  char *options; /* options string, allocated */

-  char *oauth_bearer;     /* bearer token for OAuth 2.0, allocated */
  char *sasl_authzid;     /* authorisation identity string, allocated */

  int httpversion;        /* the HTTP version*10 reported by the server */