From be9c873a6e97423bc0b2a2dd45835c35c7d81231 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Thu, 20 Oct 2005 20:07:32 +0000
Subject: Dave Dribin made libcurl understand and handle cases when the server (wrongly) sends *two* WWW-Authenticate headers for Digest. While this should never happen in a sane world, libcurl previously got into an infinite loop when this occurred. Dave added test 273 to verify this.
---
 lib/http.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
(limited to 'lib/http.c')
diff --git a/lib/http.c b/lib/http.c
index f46c1585a..fe06c7dc7 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -621,18 +621,23 @@ CURLcode Curl_http_input_auth(struct connectdata *conn,
 #endif
 #ifndef CURL_DISABLE_CRYPTO_AUTH
 if(checkprefix("Digest", start)) {
- CURLdigest dig;
- *availp |= CURLAUTH_DIGEST;
- authp->avail |= CURLAUTH_DIGEST;
-
- /* We call this function on input Digest headers even if Digest
- * authentication isn't activated yet, as we need to store the
- * incoming data from this header in case we are gonna use Digest. */
- dig = Curl_input_digest(conn, (bool)(httpcode == 407), start);
-
- if(CURLDIGEST_FINE != dig) {
- infof(data, "Authentication problem. Ignoring this.\n");
- data->state.authproblem = TRUE;
+ if((authp->avail & CURLAUTH_DIGEST) != 0) {
+ infof(data, "Ignoring duplicate digest auth header.\n");
+ }
+ else {
+ CURLdigest dig;
+ *availp |= CURLAUTH_DIGEST;
+ authp->avail |= CURLAUTH_DIGEST;
+
+ /* We call this function on input Digest headers even if Digest
+ * authentication isn't activated yet, as we need to store the
+ * incoming data from this header in case we are gonna use Digest. */
+ dig = Curl_input_digest(conn, (bool)(httpcode == 407), start);
+
+ if(CURLDIGEST_FINE != dig) {
+ infof(data, "Authentication problem. Ignoring this.\n");
+ data->state.authproblem = TRUE;
+ }
 }
 }
 else
-- cgit v1.2.3
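Review bot: The duplicate test in the new `if((authp->avail & CURLAUTH_DIGEST) != 0)` branch keys on a bit that is set before `Curl_input_digest()` has reported its result, so a malformed first Digest challenge causes a well-formed second one to be dropped as a "duplicate" while `authproblem` stays TRUE. First-challenge-wins is a reasonable policy for a server that repeats the header, but it deserves a comment above the check, for example `/* Only the first Digest challenge in a response is used; later ones are ignored, even if the first failed to parse. */`. The check also relies on `authp->avail` being cleared before the headers of the next response are parsed, otherwise a fresh challenge carrying a new nonce would be ignored as well; that reset is not visible here and should be confirmed, since `Curl_http_input_auth` starts and ends outside this hunk.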