aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2008-01-10 09:17:07 +0000
committerDaniel Stenberg <daniel@haxx.se>2008-01-10 09:17:07 +0000
commit0ce484eed901f73cae89e25d9939a249729f15d3 (patch)
tree076098837648fdce5ff87ce92df3cda9a1dfd420
parentbce5ae9a07d0419375528ad82f93a7ad9aece8a9 (diff)
Nikitinskit Dmitriy filed bug report #1868255
(http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies and fixes a problem with parsing WWW-Authenticate: headers with additional spaces in the line that the parser wasn't written to deal with.
-rw-r--r--CHANGES6
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/http_digest.c5
3 files changed, 11 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index c9f6f9326..0ee689945 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
Changelog
+Daniel S (10 Jan 2008)
+- Nikitinskit Dmitriy filed bug report #1868255
+ (http://curl.haxx.se/bug/view.cgi?id=1868255) with a patch. It identifies
+ and fixes a problem with parsing WWW-Authenticate: headers with additional
+ spaces in the line that the parser wasn't written to deal with.
+
Daniel S (8 Jan 2008)
- Introducing curl_easy_pause() and new magic return codes for both the read
and the write callbacks that now can make a connection's reading and/or
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index b8c85511e..bcfb898cc 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -46,6 +46,7 @@ This release includes the following bugfixes:
o --libcurl now generates a return statement as well
o socklen_t is no longer used in the public includes
o time zone offsets from -1400 to +1400 are now accepted by the date parser
+ o allows more spaces in WWW/Proxy-Authenticate: headers
This release includes the following known bugs:
diff --git a/lib/http_digest.c b/lib/http_digest.c
index e5efd3ef6..14612c527 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2007, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -180,6 +180,9 @@ CURLdigest Curl_input_digest(struct connectdata *conn,
break; /* we're done here */
header += totlen;
+ /* pass all additional spaces here */
+ while(*header && ISSPACE(*header))
+ header++;
if(',' == *header)
/* allow the list to be comma-separated */
header++;