diff options
author | Daniel Stenberg <daniel@haxx.se> | 2005-10-20 20:07:32 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2005-10-20 20:07:32 +0000 |
commit | be9c873a6e97423bc0b2a2dd45835c35c7d81231 (patch) | |
tree | b1a9d53a9be19ab9514bfca4c61baa414ed4528f /lib/http.c | |
parent | 034d80f6cd9a9d5035efe7429b331f679405be0f (diff) |
Dave Dribin made libcurl understand and handle cases when the server
(wrongly) sends *two* WWW-Authenticate headers for Digest. While this should
never happen in a sane world, libcurl previously got into an infinite loop
when this occurred. Dave added test 273 to verify this.
Diffstat (limited to 'lib/http.c')
-rw-r--r-- | lib/http.c | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/lib/http.c b/lib/http.c index f46c1585a..fe06c7dc7 100644 --- a/lib/http.c +++ b/lib/http.c @@ -621,18 +621,23 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, #endif #ifndef CURL_DISABLE_CRYPTO_AUTH if(checkprefix("Digest", start)) { - CURLdigest dig; - *availp |= CURLAUTH_DIGEST; - authp->avail |= CURLAUTH_DIGEST; - - /* We call this function on input Digest headers even if Digest - * authentication isn't activated yet, as we need to store the - * incoming data from this header in case we are gonna use Digest. */ - dig = Curl_input_digest(conn, (bool)(httpcode == 407), start); - - if(CURLDIGEST_FINE != dig) { - infof(data, "Authentication problem. Ignoring this.\n"); - data->state.authproblem = TRUE; + if((authp->avail & CURLAUTH_DIGEST) != 0) { + infof(data, "Ignoring duplicate digest auth header.\n"); + } + else { + CURLdigest dig; + *availp |= CURLAUTH_DIGEST; + authp->avail |= CURLAUTH_DIGEST; + + /* We call this function on input Digest headers even if Digest + * authentication isn't activated yet, as we need to store the + * incoming data from this header in case we are gonna use Digest. */ + dig = Curl_input_digest(conn, (bool)(httpcode == 407), start); + + if(CURLDIGEST_FINE != dig) { + infof(data, "Authentication problem. Ignoring this.\n"); + data->state.authproblem = TRUE; + } } } else |