diff options
-rw-r--r-- | CHANGES | 6 | ||||
-rw-r--r-- | RELEASE-NOTES | 3 | ||||
-rw-r--r-- | lib/http.c | 3 |
3 files changed, 11 insertions, 1 deletions
@@ -7,6 +7,12 @@ Changelog Daniel Stenberg (18 Oct 2009) +- John Dennis filed bug report #2873666 + (http://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem + which made libcurl loop infinitely when given incorrect credentials when + using HTTP GSS negotiate authentication. He also provided a small and simple + patch for it. + - Kevin Baughman found a double close() problem with libcurl-NSS, as when libcurl called NSS to close the SSL "session" it also closed the actual socket. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 8556b54b8..111e98255 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -37,6 +37,7 @@ This release includes the following bugfixes: o connect next bug o invalid file name characters handling on Windows o double close() on the primary socket with libcurl-NSS + o GSS negotiate infinite loop on bad credentials This release includes the following known bugs: @@ -49,6 +50,6 @@ advice from friends like these: Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson, Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey, Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich, - Kevin Baughman + Kevin Baughman, John Dennis Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/http.c b/lib/http.c index 7cc7a9307..5471f377f 100644 --- a/lib/http.c +++ b/lib/http.c @@ -750,6 +750,9 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, /* we received GSS auth info and we dealt with it fine */ data->state.negotiate.state = GSS_AUTHRECV; } + else { + data->state.authproblem = TRUE; + } } } else |