[GNUnet-SVN] [gnurl] 152/173: digest_sspi: Handle 'stale=TRUE' directive
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 152/173: digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
Date: Fri, 24 Feb 2017 14:02:54 +0100
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.53.1
in repository gnurl.
commit af5fbb14bb4fd86cdc5bf2c9f1f2b3b5d8d2af66
Author: Jay Satiro <address@hidden>
AuthorDate: Tue Jul 26 01:46:23 2016 -0400
digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- If the server has provided another challenge use it as the replacement
input token if stale=TRUE. Otherwise previous credentials have failed
so return CURLE_LOGIN_DENIED.
Prior to this change the stale directive was ignored and if another
challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING.
Ref: https://tools.ietf.org/html/rfc2617#page-10
Bug: https://github.com/curl/curl/issues/928
Reported-by: address@hidden
---
lib/vauth/digest_sspi.c | 43 ++++++++++++++++++++++++++++++++++++-------
1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index f9ee8a8fd..15f3d8c14 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -335,12 +335,43 @@ CURLcode Curl_auth_decode_digest_http_message(const char
*chlg,
{
size_t chlglen = strlen(chlg);
- /* We had an input token before and we got another one now. This means we
- provided bad credentials in the previous request. */
- if(digest->input_token)
- return CURLE_BAD_CONTENT_ENCODING;
+ /* We had an input token before so if there's another one now that means we
+ provided bad credentials in the previous request or it's stale. */
+ if(digest->input_token) {
+ bool stale = false;
+ const char *p = chlg;
+
+ /* Check for the 'stale' directive */
+ for(;;) {
+ char value[DIGEST_MAX_VALUE_LENGTH];
+ char content[DIGEST_MAX_CONTENT_LENGTH];
+
+ while(*p && ISSPACE(*p))
+ p++;
+
+ if(!Curl_auth_digest_get_pair(p, value, content, &p))
+ break;
+
+ if(Curl_strcasecompare(value, "stale")
+ && Curl_strcasecompare(content, "true")) {
+ stale = true;
+ break;
+ }
- /* Simply store the challenge for use later */
+ while(*p && ISSPACE(*p))
+ p++;
+
+ if(',' == *p)
+ p++;
+ }
+
+ if(stale)
+ Curl_auth_digest_cleanup(digest);
+ else
+ return CURLE_LOGIN_DENIED;
+ }
+
+ /* Store the challenge for use later */
digest->input_token = (BYTE *) Curl_memdup(chlg, chlglen + 1);
if(!digest->input_token)
return CURLE_OUT_OF_MEMORY;
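Review bot: In the `if(stale)` branch, every challenge that carries stale=true resets the context with `Curl_auth_digest_cleanup(digest)` and is then stored as the new input token, and nothing in this hunk bounds how many times in a row a server can do that. Confirm that the caller caps re-authentication attempts, or keep a retry count here and return CURLE_LOGIN_DENIED once it is exceeded. A smaller point: the scan loop breaks at the first pair `Curl_auth_digest_get_pair` cannot parse, so a stale directive that follows a malformed one is treated as a credential failure; that fails closed, but it is worth a line in the comment above the loop.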
@@ -552,8 +583,6 @@ CURLcode Curl_auth_create_digest_http_message(struct
Curl_easy *data,
if(!resp) {
free(output_token);
- Curl_safefree(digest->http_context);
-
return CURLE_OUT_OF_MEMORY;
}
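Review bot: Removing `Curl_safefree(digest->http_context);` from the `if(!resp)` path is not mentioned in the commit message, and after this change the context stays allocated when the function returns CURLE_OUT_OF_MEMORY. State in the commit message or in a comment which later call is expected to release it (the first hunk relies on `Curl_auth_digest_cleanup(digest)` for the reset), so that the out-of-memory path is not read as a leak and the reason for keeping the context is on record.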