Harshal Pradhan fixed changing username/password on a persitent HTTP
connection.
This commit is contained in:
parent
4f567d0f81
commit
0d0d5e7ee3
10
CHANGES
10
CHANGES
@ -7,7 +7,17 @@
|
|||||||
Changelog
|
Changelog
|
||||||
|
|
||||||
|
|
||||||
|
Daniel (14 December 2004)
|
||||||
|
- Harshal Pradhan patched a HTTP persistent connection flaw: if the user name
|
||||||
|
and/or password were modified between two requests on a persistent
|
||||||
|
connection, the second request were still made with the first setup!
|
||||||
|
|
||||||
|
I added test case 519 to verify the fix.
|
||||||
|
|
||||||
Daniel (13 December 2004)
|
Daniel (13 December 2004)
|
||||||
|
- Gisle added CURLINFO_SSL_ENGINES to curl_easy_getinfo() to allow an app
|
||||||
|
to list all available crypto ENGINES.
|
||||||
|
|
||||||
- Gisle fixed bug report #1083542, which pointed out a problem with resuming
|
- Gisle fixed bug report #1083542, which pointed out a problem with resuming
|
||||||
large file (>4GB) file:// transfers on windows.
|
large file (>4GB) file:// transfers on windows.
|
||||||
|
|
||||||
|
@ -10,6 +10,7 @@ Curl and libcurl 7.12.3
|
|||||||
|
|
||||||
This release includes the following changes:
|
This release includes the following changes:
|
||||||
|
|
||||||
|
o added CURLINFO_SSL_ENGINES
|
||||||
o new configure options: --disable-cookies, --disable-crypto-auth and
|
o new configure options: --disable-cookies, --disable-crypto-auth and
|
||||||
--disable-verbose
|
--disable-verbose
|
||||||
o persistent ftp request improvements
|
o persistent ftp request improvements
|
||||||
@ -25,6 +26,7 @@ This release includes the following changes:
|
|||||||
|
|
||||||
This release includes the following bugfixes:
|
This release includes the following bugfixes:
|
||||||
|
|
||||||
|
o modified credentials between two requests on a persistent http connection
|
||||||
o large file file:// resumes on Windows
|
o large file file:// resumes on Windows
|
||||||
o URLs with username and IPv6 numerical addresses
|
o URLs with username and IPv6 numerical addresses
|
||||||
o configure works better with SSL libs in a "non-standard ld.so dir"
|
o configure works better with SSL libs in a "non-standard ld.so dir"
|
||||||
@ -67,6 +69,6 @@ advice from friends like these:
|
|||||||
Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips,
|
Tim Sneddon, Ian Gulliver, Jean-Philippe Barrette-LaPierre, Jeff Phillips,
|
||||||
Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum,
|
Wojciech Zwiefka, David Phillips, Reinout van Schouwen, Maurice Barnum,
|
||||||
Richard Atterer, Rene Bernhardt, Matt Veenstra, Bryan Henderson, Ton Voon,
|
Richard Atterer, Rene Bernhardt, Matt Veenstra, Bryan Henderson, Ton Voon,
|
||||||
Kai Sommerfeld, David Byron
|
Kai Sommerfeld, David Byron, Harshal Pradhan
|
||||||
|
|
||||||
Thanks! (and sorry if I forgot to mention someone)
|
Thanks! (and sorry if I forgot to mention someone)
|
||||||
|
19
lib/url.c
19
lib/url.c
@ -3131,7 +3131,26 @@ static CURLcode CreateConnection(struct SessionHandle *data,
|
|||||||
/* get the user+password information from the old_conn struct since it may
|
/* get the user+password information from the old_conn struct since it may
|
||||||
* be new for this request even when we re-use an existing connection */
|
* be new for this request even when we re-use an existing connection */
|
||||||
conn->bits.user_passwd = old_conn->bits.user_passwd;
|
conn->bits.user_passwd = old_conn->bits.user_passwd;
|
||||||
|
if (conn->bits.user_passwd) {
|
||||||
|
/* use the new user namd and password though */
|
||||||
|
Curl_safefree(conn->user);
|
||||||
|
Curl_safefree(conn->passwd);
|
||||||
|
conn->user = old_conn->user;
|
||||||
|
conn->passwd = old_conn->passwd;
|
||||||
|
old_conn->user = NULL;
|
||||||
|
old_conn->passwd = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
|
conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
|
||||||
|
if (conn->bits.proxy_user_passwd) {
|
||||||
|
/* use the new proxy user name and proxy password though */
|
||||||
|
Curl_safefree(conn->proxyuser);
|
||||||
|
Curl_safefree(conn->proxypasswd);
|
||||||
|
conn->proxyuser = old_conn->proxyuser;
|
||||||
|
conn->proxypasswd = old_conn->proxypasswd;
|
||||||
|
old_conn->proxyuser = NULL;
|
||||||
|
old_conn->proxypasswd = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
/* host can change, when doing keepalive with a proxy ! */
|
/* host can change, when doing keepalive with a proxy ! */
|
||||||
if (conn->bits.httpproxy) {
|
if (conn->bits.httpproxy) {
|
||||||
|
@ -30,7 +30,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
|
|||||||
test193 test194 test195 test196 test197 test198 test515 test516 \
|
test193 test194 test195 test196 test197 test198 test515 test516 \
|
||||||
test517 test518 test210 test211 test212 test220 test221 test222 \
|
test517 test518 test210 test211 test212 test220 test221 test222 \
|
||||||
test223 test224 test206 test207 test208 test209 test213 test240 \
|
test223 test224 test206 test207 test208 test209 test213 test240 \
|
||||||
test241 test242
|
test241 test242 test519
|
||||||
|
|
||||||
# The following tests have been removed from the dist since they no longer
|
# The following tests have been removed from the dist since they no longer
|
||||||
# work. We need to fix the test suite's FTPS server first, then bring them
|
# work. We need to fix the test suite's FTPS server first, then bring them
|
||||||
|
71
tests/data/test519
Normal file
71
tests/data/test519
Normal file
@ -0,0 +1,71 @@
|
|||||||
|
#
|
||||||
|
# Server-side
|
||||||
|
<reply>
|
||||||
|
<data>
|
||||||
|
HTTP/1.1 200 OK swsbounce
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake
|
||||||
|
Content-Length: 8
|
||||||
|
|
||||||
|
content
|
||||||
|
</data>
|
||||||
|
<data1>
|
||||||
|
HTTP/1.1 200 OK swsclose
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake
|
||||||
|
Content-Length: 9
|
||||||
|
|
||||||
|
content2
|
||||||
|
</data1>
|
||||||
|
<datacheck>
|
||||||
|
HTTP/1.1 200 OK swsbounce
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake
|
||||||
|
Content-Length: 8
|
||||||
|
|
||||||
|
content
|
||||||
|
HTTP/1.1 200 OK swsclose
|
||||||
|
Date: Thu, 09 Nov 2010 14:49:00 GMT
|
||||||
|
Server: test-server/fake
|
||||||
|
Content-Length: 9
|
||||||
|
|
||||||
|
content2
|
||||||
|
</datacheck>
|
||||||
|
</reply>
|
||||||
|
|
||||||
|
# Client-side
|
||||||
|
<client>
|
||||||
|
<server>
|
||||||
|
http
|
||||||
|
</server>
|
||||||
|
# tool is what to use instead of 'curl'
|
||||||
|
<tool>
|
||||||
|
lib519
|
||||||
|
</tool>
|
||||||
|
|
||||||
|
<name>
|
||||||
|
GET same URL twice with different users
|
||||||
|
</name>
|
||||||
|
<command>
|
||||||
|
http://%HOSTIP:%HTTPPORT/519
|
||||||
|
</command>
|
||||||
|
</client>
|
||||||
|
|
||||||
|
#
|
||||||
|
# Verify data after the test has been "shot"
|
||||||
|
<verify>
|
||||||
|
<protocol>
|
||||||
|
GET /519 HTTP/1.1
|
||||||
|
Authorization: Basic bW9uc3Rlcjp1bmRlcmJlZA==
|
||||||
|
Host: 127.0.0.1:8990
|
||||||
|
Pragma: no-cache
|
||||||
|
Accept: */*
|
||||||
|
|
||||||
|
GET /519 HTTP/1.1
|
||||||
|
Authorization: Basic YW5vdGhlcm1vbnN0ZXI6aW53YXJkcm9iZQ==
|
||||||
|
Host: 127.0.0.1:8990
|
||||||
|
Pragma: no-cache
|
||||||
|
Accept: */*
|
||||||
|
|
||||||
|
</protocol>
|
||||||
|
</verify>
|
@ -40,7 +40,7 @@ SUPPORTFILES = first.c test.h
|
|||||||
# These are all libcurl test programs
|
# These are all libcurl test programs
|
||||||
noinst_PROGRAMS = lib500 lib501 lib502 lib503 lib504 lib505 lib506 lib507 \
|
noinst_PROGRAMS = lib500 lib501 lib502 lib503 lib504 lib505 lib506 lib507 \
|
||||||
lib508 lib509 lib510 lib511 lib512 lib513 lib514 lib515 lib516 lib517 \
|
lib508 lib509 lib510 lib511 lib512 lib513 lib514 lib515 lib516 lib517 \
|
||||||
lib518
|
lib518 lib519
|
||||||
|
|
||||||
lib500_SOURCES = lib500.c $(SUPPORTFILES)
|
lib500_SOURCES = lib500.c $(SUPPORTFILES)
|
||||||
lib500_LDADD = $(LIBDIR)/libcurl.la
|
lib500_LDADD = $(LIBDIR)/libcurl.la
|
||||||
@ -117,3 +117,7 @@ lib517_DEPENDENCIES = $(LIBDIR)/libcurl.la
|
|||||||
lib518_SOURCES = lib518.c $(SUPPORTFILES)
|
lib518_SOURCES = lib518.c $(SUPPORTFILES)
|
||||||
lib518_LDADD = $(LIBDIR)/libcurl.la
|
lib518_LDADD = $(LIBDIR)/libcurl.la
|
||||||
lib518_DEPENDENCIES = $(LIBDIR)/libcurl.la
|
lib518_DEPENDENCIES = $(LIBDIR)/libcurl.la
|
||||||
|
|
||||||
|
lib519_SOURCES = lib519.c $(SUPPORTFILES)
|
||||||
|
lib519_LDADD = $(LIBDIR)/libcurl.la
|
||||||
|
lib519_DEPENDENCIES = $(LIBDIR)/libcurl.la
|
||||||
|
21
tests/libtest/lib519.c
Normal file
21
tests/libtest/lib519.c
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
#include "test.h"
|
||||||
|
|
||||||
|
int test(char *URL)
|
||||||
|
{
|
||||||
|
CURLcode res;
|
||||||
|
CURL *curl = curl_easy_init();
|
||||||
|
curl_easy_setopt(curl, CURLOPT_URL, URL);
|
||||||
|
curl_easy_setopt(curl, CURLOPT_USERPWD, "monster:underbed");
|
||||||
|
curl_easy_setopt(curl, CURLOPT_HEADER, TRUE);
|
||||||
|
curl_easy_setopt(curl, CURLOPT_VERBOSE, TRUE);
|
||||||
|
/* get first page */
|
||||||
|
res = curl_easy_perform(curl);
|
||||||
|
|
||||||
|
curl_easy_setopt(curl, CURLOPT_USERPWD, "anothermonster:inwardrobe");
|
||||||
|
/* get second page */
|
||||||
|
res = curl_easy_perform(curl);
|
||||||
|
|
||||||
|
curl_easy_cleanup(curl);
|
||||||
|
return (int)res;
|
||||||
|
}
|
||||||
|
|
Loading…
x
Reference in New Issue
Block a user