From 590f0358d86c402f94b329f2ce0d612cbb749c95 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sat, 1 Mar 2008 22:32:03 +0000
Subject: - Anatoli Tubman found and fixed a crash with Negotiate authentication used on a re-used connection where both requests used Negotiate.
---
CHANGES | 4 ++++
RELEASE-NOTES | 4 +++-
TODO-RELEASE | 2 --
lib/http.c | 8 ++++++++
lib/http_negotiate.c | 5 ++---
5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/CHANGES b/CHANGES
index aeebf4231..01290424f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@ Changelog +Daniel S (1 Mar 2008) +- Anatoli Tubman found and fixed a crash with Negotiate authentication used on + a re-used connection where both requests used Negotiate. + Guenter Knauf (26 Feb 2008) - Kaspar Brand provided a patch to support server name indication (RFC 4366).
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 71195e25a..a940cf07a 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -32,6 +32,7 @@ This release includes the following bugfixes: o test case 405 failures with GnuTLS builds o crash when connection cache size is 1 and Curl_do() failed o GnuTLS-built libcurl can now be forced to prefer SSLv3 + o crash when doing Negotiate again on a re-used connection This release includes the following known bugs:
@@ -50,6 +51,7 @@ advice from friends like these: Michal Marek, Dmitry Kurochkin, Niklas Angebrand, Günter Knauf, Yang Tse, Dan Fandrich, Mike Hommey, Pooyan McSporran, Jerome Muffat-Meridol, - Kaspar Brand, Gautam Kachroo, Zmey Petroff, Georg Lippitsch, Sam Listopad + Kaspar Brand, Gautam Kachroo, Zmey Petroff, Georg Lippitsch, Sam Listopad, + Anatoli Tubman Thanks! (and sorry if I forgot to mention someone)
diff --git a/TODO-RELEASE b/TODO-RELEASE
index 65289df2b..10787e68e 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -6,8 +6,6 @@ To be addressed before 7.18.1 (planned release: April 2008) 123 - Mike Protts' SFTP resume download -124 - Anatoli Tubman's fix for a Negotiate: crash - 125 - Michal Marek's typechecker-gcc work 126 -
diff --git a/lib/http.c b/lib/http.c
index 45cabd4b6..59a275d0d 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2358,6 +2358,14 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) te ); + /* + * Free userpwd now --- cannot reuse this for Negotiate and possibly NTLM + * with basic and digest, it will be freed anyway by the next request + */ + + Curl_safefree (conn->allocptr.userpwd); + conn->allocptr.userpwd = NULL; + if(result) return result;
diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index c584e28a6..5baa58426 100644
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2007, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2008, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms
@@ -255,7 +255,6 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) { struct negotiatedata *neg_ctx = proxy?&conn->data->state.proxyneg: &conn->data->state.negotiate; - OM_uint32 minor_status; char *encoded = NULL; int len;
@@ -309,7 +308,7 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy) aprintf("%sAuthorization: %s %s\r\n", proxy ? "Proxy-" : "", neg_ctx->protocol, encoded); free(encoded); - gss_release_buffer(&minor_status, &neg_ctx->output_token); + Curl_cleanup_negotiate (conn->data); return (conn->allocptr.userpwd == NULL) ? CURLE_OUT_OF_MEMORY : CURLE_OK; }
-- cgit v1.2.3
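Review bot: The comment added above `Curl_safefree (conn->allocptr.userpwd);` in the `lib/http.c` hunk does not state the rule the fix depends on, and its second clause ("with basic and digest, it will be freed anyway by the next request") is hard to parse. The free is unconditional and sits before `if(result)`, so it runs for every auth scheme and on the error path too; what appears to matter for the crash is that the pointer is cleared, so a re-used connection cannot pick up the previous request's header string. I would word it as `/* userpwd is only valid for this request: release it and clear the pointer so a re-used connection never sees a stale Authorization header */`. The call also has a space before the parenthesis, unlike `free(encoded);` in `lib/http_negotiate.c`. Curl_http starts and ends outside this hunk.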
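Review bot: `Curl_cleanup_negotiate (conn->data);` in the last `lib/http_negotiate.c` hunk is given no proxy flag, while `neg_ctx` at the top of Curl_output_negotiate is chosen between `state.proxyneg` and `state.negotiate`, so it is not clear from the patch that the context just used is the one released. The removed `gss_release_buffer(&minor_status, &neg_ctx->output_token);` always acted on the selected context. If the cleanup helper only resets `state.negotiate` (its body is not shown here), the proxy path would stop releasing `output_token` and would carry its old context into the next request on a re-used connection. It is worth confirming that the helper handles both contexts and recording that next to the call, e.g. `/* resets both the host and the proxy Negotiate state */` if that is the case. The function's body starts outside this hunk.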