From 5ba188ab2dda19d63a908fd245d9727f2d5df4ea Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 18 Feb 2005 23:53:07 +0000 Subject: [PATCH] Ralph Mitchell reported a flaw when you used a proxy with auth, and you requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem. --- CHANGES | 9 +++++ RELEASE-NOTES | 3 +- lib/http.c | 42 +++++++++++----------- tests/data/Makefile.am | 2 +- tests/data/test233 | 81 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 114 insertions(+), 23 deletions(-) create mode 100644 tests/data/test233 diff --git a/CHANGES b/CHANGES index 1a209b569..55a4a72db 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,15 @@ Changelog + +Daniel (19 February 2005) +- Ralph Mitchell reported a flaw when you used a proxy with auth, and you + requested data from a host and then followed a redirect to another + host. libcurl then didn't use the proxy-auth properly in the second request, + due to the host-only check for original host name wrongly being extended to + the proxy auth as well. Added test case 233 to verify the flaw and that the + fix removed the problem. + Daniel (18 February 2005) - Mike Dobbs reported a mingw build failure due to the lack of BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 6add05297..40aaecce0 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -16,6 +16,7 @@ This release includes the following changes: This release includes the following bugfixes: + o proxy auth bug when following redirects to another host o socket leak when local bind failed o HTTP POST with --anyauth picking NTLM o SSL problems when downloading exactly 16KB data @@ -34,6 +35,6 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Gisle Vanem, David Byron, Marty Kuhrt, Maruko, Eric Vergnaud, Christopher - R. Palmer, Mike Dobbs, David in bug report #1124588 + R. Palmer, Mike Dobbs, David in bug report #1124588, Ralph Mitchell Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/http.c b/lib/http.c index a5f29da3b..ae2594737 100644 --- a/lib/http.c +++ b/lib/http.c @@ -403,24 +403,17 @@ Curl_http_output_auth(struct connectdata *conn, and if this is one single bit it'll be used instantly. */ authproxy->picked = authproxy->want; - /* To prevent the user+password to get sent to other than the original - host due to a location-follow, we do some weirdo checks here */ - if(!data->state.this_is_a_follow || - !data->state.first_host || - curl_strequal(data->state.first_host, conn->host.name) || - data->set.http_disable_hostname_check_before_authentication) { - - /* Send proxy authentication header if needed */ - if (conn->bits.httpproxy && - (conn->bits.tunnel_proxy == proxytunnel)) { + /* Send proxy authentication header if needed */ + if (conn->bits.httpproxy && + (conn->bits.tunnel_proxy == proxytunnel)) { #ifdef USE_SSLEAY - if(authproxy->want == CURLAUTH_NTLM) { - auth=(char *)"NTLM"; - result = Curl_output_ntlm(conn, TRUE); - if(result) - return result; - } - else + if(authproxy->want == CURLAUTH_NTLM) { + auth=(char *)"NTLM"; + result = Curl_output_ntlm(conn, TRUE); + if(result) + return result; + } + else #endif if(authproxy->want == CURLAUTH_BASIC) { /* Basic */ @@ -454,10 +447,17 @@ Curl_http_output_auth(struct connectdata *conn, else authproxy->multi = FALSE; } - else - /* we have no proxy so let's pretend we're done authenticating - with it */ - authproxy->done = TRUE; + else + /* we have no proxy so let's pretend we're done authenticating + with it */ + authproxy->done = TRUE; + + /* To prevent the user+password to get sent to other than the original + host due to a location-follow, we do some weirdo checks here */ + if(!data->state.this_is_a_follow || + !data->state.first_host || + curl_strequal(data->state.first_host, conn->host.name) || + data->set.http_disable_hostname_check_before_authentication) { /* Send web authentication header if needed */ { diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index ebbfdab0b..509206733 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -32,7 +32,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \ test223 test224 test206 test207 test208 test209 test213 test240 \ test241 test242 test519 test214 test215 test216 test217 test218 \ test199 test225 test226 test227 test230 test231 test232 test228 \ - test229 + test229 test233 # The following tests have been removed from the dist since they no longer # work. We need to fix the test suite's FTPS server first, then bring them diff --git a/tests/data/test233 b/tests/data/test233 new file mode 100644 index 000000000..0e329f7b6 --- /dev/null +++ b/tests/data/test233 @@ -0,0 +1,81 @@ +# +# Server-side + + +HTTP/1.1 302 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Location: http://goto.second.host.now/2330002 +Content-Length: 8 +Connection: close + +contents + + +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes + +contents + + + +HTTP/1.1 302 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes +Location: http://goto.second.host.now/2330002 +Content-Length: 8 +Connection: close + +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake swsclose +Content-Type: text/html +Funny-head: yesyes + +contents + + + +# +# Client-side + + +http + + +HTTP, proxy, site+proxy auth and Location: to new host + + +http://first.host.it.is/we/want/that/page/233 -x %HOSTIP:%HTTPPORT --user iam:myself --proxy-user testing:this --location + + + +# +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET http://first.host.it.is/we/want/that/page/233 HTTP/1.1 +Proxy-Authorization: Basic dGVzdGluZzp0aGlz +Authorization: Basic aWFtOm15c2VsZg== +Host: first.host.it.is +Pragma: no-cache +Accept: */* + +GET http://goto.second.host.now/2330002 HTTP/1.1 +Proxy-Authorization: Basic dGVzdGluZzp0aGlz +Host: goto.second.host.now +Pragma: no-cache +Accept: */* + + +