Harshal Pradhan fixed changing username/password on a persitent HTTP

connection.
This commit is contained in:
Daniel Stenberg 2004-12-14 21:22:51 +00:00
parent 4f567d0f81
commit 0d0d5e7ee3
7 changed files with 130 additions and 3 deletions

10
CHANGES
View File

@ -7,7 +7,17 @@
Changelog Changelog
Daniel (14 December 2004)
- Harshal Pradhan patched a HTTP persistent connection flaw: if the user name
and/or password were modified between two requests on a persistent
connection, the second request were still made with the first setup!
I added test case 519 to verify the fix.
Daniel (13 December 2004) Daniel (13 December 2004)
- Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app
to list all available crypto ENGINES.
- Gisle fixed bug report #1083542, which pointed out a problem with resuming - Gisle fixed bug report #1083542, which pointed out a problem with resuming
large file (>4GB) file:// transfers on windows. large file (>4GB) file:// transfers on windows.

View File

@ -10,6 +10,7 @@ Curl and libcurl 7.12.3
This release includes the following changes: This release includes the following changes:
o added CURLINFO_SSL_ENGINES
o new configure options: --disable-cookies, --disable-crypto-auth and o new configure options: --disable-cookies, --disable-crypto-auth and
--disable-verbose --disable-verbose
o persistent ftp request improvements o persistent ftp request improvements
@ -25,6 +26,7 @@ This release includes the following changes:
This release includes the following bugfixes: This release includes the following bugfixes:
o modified credentials between two requests on a persistent http connection
o large file file:// resumes on Windows o large file file:// resumes on Windows
o URLs with username and IPv6 numerical addresses o URLs with username and IPv6 numerical addresses
o configure works better with SSL libs in a "non-standard ld.so dir" o configure works better with SSL libs in a "non-standard ld.so dir"
@ -67,6 +69,6 @@ advice from friends like these:
Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips, Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips,
Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum, Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum,
Richard Atterer, Rene Bernhardt, Matt Veenstra, Bryan Henderson, Ton Voon, Richard Atterer, Rene Bernhardt, Matt Veenstra, Bryan Henderson, Ton Voon,
Kai Sommerfeld, David Byron Kai Sommerfeld, David Byron, Harshal Pradhan
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)

View File

@ -3131,7 +3131,26 @@ static CURLcode CreateConnection(struct SessionHandle *data,
/* get the user+password information from the old_conn struct since it may /* get the user+password information from the old_conn struct since it may
* be new for this request even when we re-use an existing connection */ * be new for this request even when we re-use an existing connection */
conn->bits.user_passwd = old_conn->bits.user_passwd; conn->bits.user_passwd = old_conn->bits.user_passwd;
if (conn->bits.user_passwd) {
/* use the new user namd and password though */
Curl_safefree(conn->user);
Curl_safefree(conn->passwd);
conn->user = old_conn->user;
conn->passwd = old_conn->passwd;
old_conn->user = NULL;
old_conn->passwd = NULL;
}
conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd; conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
if (conn->bits.proxy_user_passwd) {
/* use the new proxy user name and proxy password though */
Curl_safefree(conn->proxyuser);
Curl_safefree(conn->proxypasswd);
conn->proxyuser = old_conn->proxyuser;
conn->proxypasswd = old_conn->proxypasswd;
old_conn->proxyuser = NULL;
old_conn->proxypasswd = NULL;
}
/* host can change, when doing keepalive with a proxy ! */ /* host can change, when doing keepalive with a proxy ! */
if (conn->bits.httpproxy) { if (conn->bits.httpproxy) {

View File

@ -30,7 +30,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
test193 test194 test195 test196 test197 test198 test515 test516 \ test193 test194 test195 test196 test197 test198 test515 test516 \
test517 test518 test210 test211 test212 test220 test221 test222 \ test517 test518 test210 test211 test212 test220 test221 test222 \
test223 test224 test206 test207 test208 test209 test213 test240 \ test223 test224 test206 test207 test208 test209 test213 test240 \
test241 test242 test241 test242 test519
# The following tests have been removed from the dist since they no longer # The following tests have been removed from the dist since they no longer
# work. We need to fix the test suite's FTPS server first, then bring them # work. We need to fix the test suite's FTPS server first, then bring them

71
tests/data/test519 Normal file
View File

@ -0,0 +1,71 @@
#
# Server-side
<reply>
<data>
HTTP/1.1 200 OK swsbounce
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 8
content
</data>
<data1>
HTTP/1.1 200 OK swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 9
content2
</data1>
<datacheck>
HTTP/1.1 200 OK swsbounce
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 8
content
HTTP/1.1 200 OK swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Length: 9
content2
</datacheck>
</reply>
# Client-side
<client>
<server>
http
</server>
# tool is what to use instead of 'curl'
<tool>
lib519
</tool>
<name>
GET same URL twice with different users
</name>
<command>
http://%HOSTIP:%HTTPPORT/519
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<protocol>
GET /519 HTTP/1.1
Authorization: Basic bW9uc3Rlcjp1bmRlcmJlZA==
Host: 127.0.0.1:8990
Pragma: no-cache
Accept: */*
GET /519 HTTP/1.1
Authorization: Basic YW5vdGhlcm1vbnN0ZXI6aW53YXJkcm9iZQ==
Host: 127.0.0.1:8990
Pragma: no-cache
Accept: */*
</protocol>
</verify>

View File

@ -40,7 +40,7 @@ SUPPORTFILES = first.c test.h
# These are all libcurl test programs # These are all libcurl test programs
noinst_PROGRAMS = lib500 lib501 lib502 lib503 lib504 lib505 lib506 lib507 \ noinst_PROGRAMS = lib500 lib501 lib502 lib503 lib504 lib505 lib506 lib507 \
lib508 lib509 lib510 lib511 lib512 lib513 lib514 lib515 lib516 lib517 \ lib508 lib509 lib510 lib511 lib512 lib513 lib514 lib515 lib516 lib517 \
lib518 lib518 lib519
lib500_SOURCES = lib500.c $(SUPPORTFILES) lib500_SOURCES = lib500.c $(SUPPORTFILES)
lib500_LDADD = $(LIBDIR)/libcurl.la lib500_LDADD = $(LIBDIR)/libcurl.la
@ -117,3 +117,7 @@ lib517_DEPENDENCIES = $(LIBDIR)/libcurl.la
lib518_SOURCES = lib518.c $(SUPPORTFILES) lib518_SOURCES = lib518.c $(SUPPORTFILES)
lib518_LDADD = $(LIBDIR)/libcurl.la lib518_LDADD = $(LIBDIR)/libcurl.la
lib518_DEPENDENCIES = $(LIBDIR)/libcurl.la lib518_DEPENDENCIES = $(LIBDIR)/libcurl.la
lib519_SOURCES = lib519.c $(SUPPORTFILES)
lib519_LDADD = $(LIBDIR)/libcurl.la
lib519_DEPENDENCIES = $(LIBDIR)/libcurl.la

21
tests/libtest/lib519.c Normal file
View File

@ -0,0 +1,21 @@
#include "test.h"
int test(char *URL)
{
CURLcode res;
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, URL);
curl_easy_setopt(curl, CURLOPT_USERPWD, "monster:underbed");
curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
/* get first page */
res = curl_easy_perform(curl);
curl_easy_setopt(curl, CURLOPT_USERPWD, "anothermonster:inwardrobe");
/* get second page */
res = curl_easy_perform(curl);
curl_easy_cleanup(curl);
return (int)res;
}