From e5ee82274535366632343f80ea5ca5556b056486 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 18 Oct 2009 00:18:27 +0000
Subject: John Dennis filed bug report #2873666
 (http://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem
 which made libcurl loop infinitely when given incorrect credentials when
 using HTTP GSS negotiate authentication.

---
 CHANGES       | 6 ++++++
 RELEASE-NOTES | 3 ++-
 lib/http.c    | 3 +++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index cfb6ffd51..520be1cc3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,12 @@
                                   Changelog
 
 Daniel Stenberg (18 Oct 2009)
+- John Dennis filed bug report #2873666
+  (http://curl.haxx.se/bug/view.cgi?id=2873666) which identified a problem
+  which made libcurl loop infinitely when given incorrect credentials when
+  using HTTP GSS negotiate authentication. He also provided a small and simple
+  patch for it.
+
 - Kevin Baughman found a double close() problem with libcurl-NSS, as when
   libcurl called NSS to close the SSL "session" it also closed the actual
   socket.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 8556b54b8..111e98255 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -37,6 +37,7 @@ This release includes the following bugfixes:
  o connect next bug
  o invalid file name characters handling on Windows
  o double close() on the primary socket with libcurl-NSS
+ o GSS negotiate infinite loop on bad credentials
 
 This release includes the following known bugs:
 
@@ -49,6 +50,6 @@ advice from friends like these:
  Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
  Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
  Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
- Kevin Baughman
+ Kevin Baughman, John Dennis
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/http.c b/lib/http.c
index 7cc7a9307..5471f377f 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -750,6 +750,9 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
         /* we received GSS auth info and we dealt with it fine */
         data->state.negotiate.state = GSS_AUTHRECV;
       }
+      else {
+        data->state.authproblem = TRUE;
+      }
     }
   }
   else
-- 
cgit v1.2.3