| -rw-r--r-- | CHANGES | 9 | ||||
| -rw-r--r-- | RELEASE-NOTES | 3 | ||||
| -rw-r--r-- | lib/http.c | 42 | ||||
| -rw-r--r-- | tests/data/Makefile.am | 2 | ||||
| -rw-r--r-- | tests/data/test233 | 81 | 
5 files changed, 114 insertions, 23 deletions
| @@ -6,6 +6,15 @@                                    Changelog + +Daniel (19 February 2005) +- Ralph Mitchell reported a flaw when you used a proxy with auth, and you +  requested data from a host and then followed a redirect to another +  host. libcurl then didn't use the proxy-auth properly in the second request, +  due to the host-only check for original host name wrongly being extended to +  the proxy auth as well. Added test case 233 to verify the flaw and that the +  fix removed the problem. +  Daniel (18 February 2005)  - Mike Dobbs reported a mingw build failure due to the lack of    BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 6add05297..40aaecce0 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes:  This release includes the following bugfixes: + o proxy auth bug when following redirects to another host   o socket leak when local bind failed   o HTTP POST with --anyauth picking NTLM   o SSL problems when downloading exactly 16KB data @@ -34,6 +35,6 @@ This release would not have looked like this without help, code, reports and  advice from friends like these:   Gisle Vanem, David Byron, Marty Kuhrt, Maruko, Eric Vergnaud, Christopher - R. Palmer, Mike Dobbs, David in bug report #1124588 + R. Palmer, Mike Dobbs, David in bug report #1124588, Ralph Mitchell          Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/http.c b/lib/http.c index a5f29da3b..ae2594737 100644 --- a/lib/http.c +++ b/lib/http.c 
@@ -403,24 +403,17 @@ Curl_http_output_auth(struct connectdata *conn,
        and if this is one single bit it'll be used instantly. */
     authproxy->picked = authproxy->want;
-  /* To prevent the user+password to get sent to other than the original
-     host due to a location-follow, we do some weirdo checks here */
-  if(!data->state.this_is_a_follow ||
-     !data->state.first_host ||
-     curl_strequal(data->state.first_host, conn->host.name) ||
-     data->set.http_disable_hostname_check_before_authentication) {
-
-    /* Send proxy authentication header if needed */
-    if (conn->bits.httpproxy &&
-        (conn->bits.tunnel_proxy == proxytunnel)) {
+  /* Send proxy authentication header if needed */
+  if (conn->bits.httpproxy &&
+      (conn->bits.tunnel_proxy == proxytunnel)) {
 #ifdef USE_SSLEAY
-      if(authproxy->want == CURLAUTH_NTLM) {
-        auth=(char *)"NTLM";
-        result = Curl_output_ntlm(conn, TRUE);
-        if(result)
-          return result;
-      }
-      else
+    if(authproxy->want == CURLAUTH_NTLM) {
+      auth=(char *)"NTLM";
+      result = Curl_output_ntlm(conn, TRUE);
+      if(result)
+        return result;
+    }
+    else
 #endif
       if(authproxy->want == CURLAUTH_BASIC) {
         /* Basic */
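Review bot: The proxy block in Curl_http_output_auth now runs outside the first_host redirect check, but the new lines carry no comment saying why, so a later cleanup could fold the two back under one guard and reintroduce the bug. I would extend the added comment to something like `/* Send proxy authentication header if needed. Proxy credentials go to the proxy, not to the origin host, so the first_host redirect check below must not gate them. */`. The re-indented NTLM branch also now sits at a different depth from the unchanged Basic branch after `#endif`, which makes the `else` that spans the `#endif` harder to follow; re-indenting the rest of the block would help. The function starts and ends outside this hunk.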
@@ -454,10 +447,17 @@ Curl_http_output_auth(struct connectdata *conn,
       else
         authproxy->multi = FALSE;
     }
-    else
-      /* we have no proxy so let's pretend we're done authenticating
-         with it */
-      authproxy->done = TRUE;
+  else
+    /* we have no proxy so let's pretend we're done authenticating
+       with it */
+    authproxy->done = TRUE;
+
+  /* To prevent the user+password to get sent to other than the original
+     host due to a location-follow, we do some weirdo checks here */
+  if(!data->state.this_is_a_follow ||
+     !data->state.first_host ||
+     curl_strequal(data->state.first_host, conn->host.name) ||
+     data->set.http_disable_hostname_check_before_authentication) {
     /* Send web authentication header if needed */
     {
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index ebbfdab0b..509206733 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -32,7 +32,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	\
  test223 test224 test206 test207 test208 test209 test213 test240	\
  test241 test242 test519 test214 test215 test216 test217 test218	\
  test199 test225 test226 test227 test230 test231 test232 test228	\
- test229
+ test229 test233
 # The following tests have been removed from the dist since they no longer
 # work. We need to fix the test suite's FTPS server first, then bring them
diff --git a/tests/data/test233 b/tests/data/test233
new file mode 100644
index 000000000..0e329f7b6
--- /dev/null
+++ b/tests/data/test233
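Review bot: In the second lib/http.c hunk, the relocated guard still decides whether the Authorization header may follow a redirect with `curl_strequal(data->state.first_host, conn->host.name)`, which compares host names only. A redirect to the same name on a different port or scheme would pass this test and, as far as these lines show, still receive the user's credentials, even though that can be a different service. Consider recording the original port and protocol alongside first_host and requiring all of them to match before the web auth block runs. Test 233 covers only a changed host name, so a companion case for the same-host, different-port redirect would pin the behaviour. The function continues outside this hunk.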
@@ -0,0 +1,81 @@
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/2330002
+Content-Length: 8
+Connection: close
+
+contents
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+
+contents
+</data2>
+
+<datacheck>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/2330002
+Content-Length: 8
+Connection: close
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+
+contents
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP, proxy, site+proxy auth and Location: to new host
+ </name>
+ <command>
+http://first.host.it.is/we/want/that/page/233 -x %HOSTIP:%HTTPPORT --user iam:myself --proxy-user testing:this --location
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://first.host.it.is/we/want/that/page/233 HTTP/1.1
 +Proxy-Authorization: Basic dGVzdGluZzp0aGlz
 +Authorization: Basic aWFtOm15c2VsZg==
 +Host: first.host.it.is
 +Pragma: no-cache
 +Accept: */*
 +
 +GET http://goto.second.host.now/2330002 HTTP/1.1
 +Proxy-Authorization: Basic dGVzdGluZzp0aGlz
 +Host: goto.second.host.now
 +Pragma: no-cache
 +Accept: */*
 +
 +</protocol> +</verify> | 
