From 3b59696a93e7bbc7ec7ad0371ddac02a7d990cd6 Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Sat, 2 Nov 2013 11:18:39 +0000
Subject: http: Added proxy tunnel authentication message header value
 extraction

...following recent changes to Curl_base64_decode() rather than trying
to parse a header line for the authentication mechanisms which is CRLF
terminated and inline zero terminate it.
---
 lib/http.c       |  2 +-
 lib/http.h       |  3 ++-
 lib/http_proxy.c | 11 +++++++++--
 3 files changed, 12 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/http.c b/lib/http.c
index 55a8166de..3025beff1 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -187,7 +187,7 @@ char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader)
  * case of allocation failure. Returns an empty string if the header value
  * consists entirely of whitespace.
  */
-static char *copy_header_value(const char *h)
+char *copy_header_value(const char *h)
 {
   const char *start;
   const char *end;
diff --git a/lib/http.h b/lib/http.h
index a506238a6..d74714d58 100644
--- a/lib/http.h
+++ b/lib/http.h
@@ -35,11 +35,12 @@ extern const struct Curl_handler Curl_handler_http;
 extern const struct Curl_handler Curl_handler_https;
 #endif
 
+/* Header specific function */
 bool Curl_compareheader(const char *headerline,  /* line to check */
                         const char *header,   /* header keyword _with_ colon */
                         const char *content); /* content string to find */
-
 char *Curl_checkheaders(struct SessionHandle *data, const char *thisheader);
+char *copy_header_value(const char *h);
 
 /* ------------------------------------------------------------------------- */
 /*
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 6a555525d..97edc486e 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -452,8 +452,15 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
                       (401 == k->httpcode)) ||
                      (checkprefix("Proxy-authenticate:", line_start) &&
                       (407 == k->httpcode))) {
-                    result = Curl_http_input_auth(conn, k->httpcode,
-                                                  line_start);
+
+                    char *auth = copy_header_value(line_start);
+                    if(!auth)
+                      return CURLE_OUT_OF_MEMORY;
+
+                    result = Curl_http_input_auth(conn, k->httpcode, auth);
+
+                    Curl_safefree(auth);
+
                     if(result)
                       return result;
                   }
-- 
cgit v1.2.3