generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

test 2027/2030: take duplicate Digest requests into account

Browse Source 
With the reversion of ce8311c7e4 and the new clear logic, this flaw
is present and we allow it.
This commit is contained in:
Daniel Stenberg
2012-11-05 23:58:31 +01:00
parent 13ce9031cc
commit 8d97bed806
2 changed files with 46 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
tests/data/test2027
View File

@@ -9,6 +9,17 @@ HTTP Digest auth
# Server-side
<reply>
<!--
Explanation for the duplicate 400 requests:
libcurl doesn't detect that a given Digest password is wrong already on the
first 401 response (as the data400 gives). libcurl will instead consider the
new response just as a duplicate and it sends another and detects the auth
problem on the second 401 response!
-->
<!-- First request has Digest auth, wrong password -->
<data100>
HTTP/1.1 401 Need Digest auth
@@ -93,16 +104,6 @@ This is a bad password page!
</data1400>
<!-- Fifth request has Digest auth, right password -->
<data500>
HTTP/1.1 401 Need Digest auth (5)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 27
WWW-Authenticate: Digest realm="testrealm", nonce="8"
This is not the real page!
</data500>
<data1500>
HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0
@@ -151,6 +152,12 @@ Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Digest realm="testrealm", nonce="7"
HTTP/1.1 401 Sorry wrong password (3)
Server: Microsoft-IIS/5.0
Content-Type: text/html; charset=iso-8859-1
Content-Length: 29
WWW-Authenticate: Digest realm="testrealm", nonce="7"
This is a bad password page!
HTTP/1.1 200 Things are fine in server land (2)
Server: Microsoft-IIS/5.0
@@ -222,6 +229,11 @@ Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/2
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /20270400 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="5", uri="/20270400", response="f5906785511fb60a2af8b1cd53008ead"
Host: %HOSTIP:%HTTPPORT
Accept: */*
GET /20270500 HTTP/1.1
Authorization: Digest username="testuser", realm="testrealm", nonce="7", uri="/20270500", response="8ef4d935fd964a46c3965c0863b52cf1"
Host: %HOSTIP:%HTTPPORT