Ralph Mitchell reported a flaw when you used a proxy with auth, and you

requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
This commit is contained in:
Daniel Stenberg 2005-02-18 23:53:07 +00:00
parent eadfd78c2e
commit 5ba188ab2d
5 changed files with 114 additions and 23 deletions

View File

@ -6,6 +6,15 @@
Changelog
Daniel (19 February 2005)
- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
requested data from a host and then followed a redirect to another
host. libcurl then didn't use the proxy-auth properly in the second request,
due to the host-only check for original host name wrongly being extended to
the proxy auth as well. Added test case 233 to verify the flaw and that the
fix removed the problem.
Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by

View File

@ -16,6 +16,7 @@ This release includes the following changes:
This release includes the following bugfixes:
o proxy auth bug when following redirects to another host
o socket leak when local bind failed
o HTTP POST with --anyauth picking NTLM
o SSL problems when downloading exactly 16KB data
@ -34,6 +35,6 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:
Gisle Vanem, David Byron, Marty Kuhrt, Maruko, Eric Vergnaud, Christopher
R. Palmer, Mike Dobbs, David in bug report #1124588
R. Palmer, Mike Dobbs, David in bug report #1124588, Ralph Mitchell
Thanks! (and sorry if I forgot to mention someone)

View File

@ -403,24 +403,17 @@ Curl_http_output_auth(struct connectdata *conn,
and if this is one single bit it'll be used instantly. */
authproxy->picked = authproxy->want;
/* To prevent the user+password to get sent to other than the original
host due to a location-follow, we do some weirdo checks here */
if(!data->state.this_is_a_follow ||
!data->state.first_host ||
curl_strequal(data->state.first_host, conn->host.name) ||
data->set.http_disable_hostname_check_before_authentication) {
/* Send proxy authentication header if needed */
if (conn->bits.httpproxy &&
(conn->bits.tunnel_proxy == proxytunnel)) {
/* Send proxy authentication header if needed */
if (conn->bits.httpproxy &&
(conn->bits.tunnel_proxy == proxytunnel)) {
#ifdef USE_SSLEAY
if(authproxy->want == CURLAUTH_NTLM) {
auth=(char *)"NTLM";
result = Curl_output_ntlm(conn, TRUE);
if(result)
return result;
}
else
if(authproxy->want == CURLAUTH_NTLM) {
auth=(char *)"NTLM";
result = Curl_output_ntlm(conn, TRUE);
if(result)
return result;
}
else
#endif
if(authproxy->want == CURLAUTH_BASIC) {
/* Basic */
@ -454,10 +447,17 @@ Curl_http_output_auth(struct connectdata *conn,
else
authproxy->multi = FALSE;
}
else
/* we have no proxy so let's pretend we're done authenticating
with it */
authproxy->done = TRUE;
else
/* we have no proxy so let's pretend we're done authenticating
with it */
authproxy->done = TRUE;
/* To prevent the user+password to get sent to other than the original
host due to a location-follow, we do some weirdo checks here */
if(!data->state.this_is_a_follow ||
!data->state.first_host ||
curl_strequal(data->state.first_host, conn->host.name) ||
data->set.http_disable_hostname_check_before_authentication) {
/* Send web authentication header if needed */
{

View File

@ -32,7 +32,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \
test223 test224 test206 test207 test208 test209 test213 test240 \
test241 test242 test519 test214 test215 test216 test217 test218 \
test199 test225 test226 test227 test230 test231 test232 test228 \
test229
test229 test233
# The following tests have been removed from the dist since they no longer
# work. We need to fix the test suite's FTPS server first, then bring them

81
tests/data/test233 Normal file
View File

@ -0,0 +1,81 @@
#
# Server-side
<reply>
<data>
HTTP/1.1 302 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake swsclose
Content-Type: text/html
Funny-head: yesyes
Location: http://goto.second.host.now/2330002
Content-Length: 8
Connection: close
contents
</data>
<data2>
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake swsclose
Content-Type: text/html
Funny-head: yesyes
contents
</data2>
<datacheck>
HTTP/1.1 302 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake swsclose
Content-Type: text/html
Funny-head: yesyes
Location: http://goto.second.host.now/2330002
Content-Length: 8
Connection: close
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake swsclose
Content-Type: text/html
Funny-head: yesyes
contents
</datacheck>
</reply>
#
# Client-side
<client>
<server>
http
</server>
<name>
HTTP, proxy, site+proxy auth and Location: to new host
</name>
<command>
http://first.host.it.is/we/want/that/page/233 -x %HOSTIP:%HTTPPORT --user iam:myself --proxy-user testing:this --location
</command>
</client>
#
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET http://first.host.it.is/we/want/that/page/233 HTTP/1.1
Proxy-Authorization: Basic dGVzdGluZzp0aGlz
Authorization: Basic aWFtOm15c2VsZg==
Host: first.host.it.is
Pragma: no-cache
Accept: */*
GET http://goto.second.host.now/2330002 HTTP/1.1
Proxy-Authorization: Basic dGVzdGluZzp0aGlz
Host: goto.second.host.now
Pragma: no-cache
Accept: */*
</protocol>
</verify>