Ralph Mitchell reported a flaw when you used a proxy with auth, and you

requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem.
2005-02-18 23:53:07 +00:00
parent eadfd78c2e
commit 5ba188ab2d
5 changed files with 114 additions and 23 deletions
--- a/lib/http.c
+++ b/lib/http.c
@@ -403,24 +403,17 @@ Curl_http_output_auth(struct connectdata *conn,
       and if this is one single bit it'll be used instantly. */
    authproxy->picked = authproxy->want;

-  /* To prevent the user+password to get sent to other than the original
-     host due to a location-follow, we do some weirdo checks here */
-  if(!data->state.this_is_a_follow ||
-     !data->state.first_host ||
-     curl_strequal(data->state.first_host, conn->host.name) ||
-     data->set.http_disable_hostname_check_before_authentication) {
-
-    /* Send proxy authentication header if needed */
-    if (conn->bits.httpproxy &&
-        (conn->bits.tunnel_proxy == proxytunnel)) {
+  /* Send proxy authentication header if needed */
+  if (conn->bits.httpproxy &&
+      (conn->bits.tunnel_proxy == proxytunnel)) {
 #ifdef USE_SSLEAY
-      if(authproxy->want == CURLAUTH_NTLM) {
-        auth=(char *)"NTLM";
-        result = Curl_output_ntlm(conn, TRUE);
-        if(result)
-          return result;
-      }
-      else
+    if(authproxy->want == CURLAUTH_NTLM) {
+      auth=(char *)"NTLM";
+      result = Curl_output_ntlm(conn, TRUE);
+      if(result)
+        return result;
+    }
+    else
 #endif
      if(authproxy->want == CURLAUTH_BASIC) {
        /* Basic */
@@ -454,10 +447,17 @@ Curl_http_output_auth(struct connectdata *conn,
      else
        authproxy->multi = FALSE;
    }
-    else
-      /* we have no proxy so let's pretend we're done authenticating
-         with it */
-      authproxy->done = TRUE;
+  else
+    /* we have no proxy so let's pretend we're done authenticating
+       with it */
+    authproxy->done = TRUE;
+
+  /* To prevent the user+password to get sent to other than the original
+     host due to a location-follow, we do some weirdo checks here */
+  if(!data->state.this_is_a_follow ||
+     !data->state.first_host ||
+     curl_strequal(data->state.first_host, conn->host.name) ||
+     data->set.http_disable_hostname_check_before_authentication) {

    /* Send web authentication header if needed */
    {