aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2005-02-18 23:53:07 +0000
committerDaniel Stenberg <daniel@haxx.se>2005-02-18 23:53:07 +0000
commit5ba188ab2dda19d63a908fd245d9727f2d5df4ea (patch)
treeaf1ac7455322c78afca751c7c6cd5352b3a7fc63 /lib
parenteadfd78c2ec38c80990ec6abfd64431708f38dae (diff)
Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem.
Diffstat (limited to 'lib')
-rw-r--r--lib/http.c42
1 files changed, 21 insertions, 21 deletions
diff --git a/lib/http.c b/lib/http.c
index a5f29da3b..ae2594737 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -403,24 +403,17 @@ Curl_http_output_auth(struct connectdata *conn,
and if this is one single bit it'll be used instantly. */
authproxy->picked = authproxy->want;
- /* To prevent the user+password to get sent to other than the original
- host due to a location-follow, we do some weirdo checks here */
- if(!data->state.this_is_a_follow ||
- !data->state.first_host ||
- curl_strequal(data->state.first_host, conn->host.name) ||
- data->set.http_disable_hostname_check_before_authentication) {
-
- /* Send proxy authentication header if needed */
- if (conn->bits.httpproxy &&
- (conn->bits.tunnel_proxy == proxytunnel)) {
+ /* Send proxy authentication header if needed */
+ if (conn->bits.httpproxy &&
+ (conn->bits.tunnel_proxy == proxytunnel)) {
#ifdef USE_SSLEAY
- if(authproxy->want == CURLAUTH_NTLM) {
- auth=(char *)"NTLM";
- result = Curl_output_ntlm(conn, TRUE);
- if(result)
- return result;
- }
- else
+ if(authproxy->want == CURLAUTH_NTLM) {
+ auth=(char *)"NTLM";
+ result = Curl_output_ntlm(conn, TRUE);
+ if(result)
+ return result;
+ }
+ else
#endif
if(authproxy->want == CURLAUTH_BASIC) {
/* Basic */
@@ -454,10 +447,17 @@ Curl_http_output_auth(struct connectdata *conn,
else
authproxy->multi = FALSE;
}
- else
- /* we have no proxy so let's pretend we're done authenticating
- with it */
- authproxy->done = TRUE;
+ else
+ /* we have no proxy so let's pretend we're done authenticating
+ with it */
+ authproxy->done = TRUE;
+
+ /* To prevent the user+password to get sent to other than the original
+ host due to a location-follow, we do some weirdo checks here */
+ if(!data->state.this_is_a_follow ||
+ !data->state.first_host ||
+ curl_strequal(data->state.first_host, conn->host.name) ||
+ data->set.http_disable_hostname_check_before_authentication) {
/* Send web authentication header if needed */
{