Changelog
+
+Daniel (19 February 2005)
+- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
+ requested data from a host and then followed a redirect to another
+ host. libcurl then didn't use the proxy-auth properly in the second request,
+ due to the host-only check for original host name wrongly being extended to
+ the proxy auth as well. Added test case 233 to verify the flaw and that the
+ fix removed the problem.
+
Daniel (18 February 2005)
- Mike Dobbs reported a mingw build failure due to the lack of
BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
This release includes the following bugfixes:
+ o proxy auth bug when following redirects to another host
o socket leak when local bind failed
o HTTP POST with --anyauth picking NTLM
o SSL problems when downloading exactly 16KB data
advice from friends like these:
Gisle Vanem, David Byron, Marty Kuhrt, Maruko, Eric Vergnaud, Christopher
- R. Palmer, Mike Dobbs, David in bug report #1124588
+ R. Palmer, Mike Dobbs, David in bug report #1124588, Ralph Mitchell
Thanks! (and sorry if I forgot to mention someone)
and if this is one single bit it'll be used instantly. */
authproxy->picked = authproxy->want;
- /* To prevent the user+password to get sent to other than the original
- host due to a location-follow, we do some weirdo checks here */
- if(!data->state.this_is_a_follow ||
- !data->state.first_host ||
- curl_strequal(data->state.first_host, conn->host.name) ||
- data->set.http_disable_hostname_check_before_authentication) {
-
- /* Send proxy authentication header if needed */
- if (conn->bits.httpproxy &&
- (conn->bits.tunnel_proxy == proxytunnel)) {
+ /* Send proxy authentication header if needed */
+ if (conn->bits.httpproxy &&
+ (conn->bits.tunnel_proxy == proxytunnel)) {
#ifdef USE_SSLEAY
- if(authproxy->want == CURLAUTH_NTLM) {
- auth=(char *)"NTLM";
- result = Curl_output_ntlm(conn, TRUE);
- if(result)
- return result;
- }
- else
+ if(authproxy->want == CURLAUTH_NTLM) {
+ auth=(char *)"NTLM";
+ result = Curl_output_ntlm(conn, TRUE);
+ if(result)
+ return result;
+ }
+ else
#endif
if(authproxy->want == CURLAUTH_BASIC) {
/* Basic */
else
authproxy->multi = FALSE;
}
- else
- /* we have no proxy so let's pretend we're done authenticating
- with it */
- authproxy->done = TRUE;
+ else
+ /* we have no proxy so let's pretend we're done authenticating
+ with it */
+ authproxy->done = TRUE;
+
+ /* To prevent the user+password to get sent to other than the original
+ host due to a location-follow, we do some weirdo checks here */
+ if(!data->state.this_is_a_follow ||
+ !data->state.first_host ||
+ curl_strequal(data->state.first_host, conn->host.name) ||
+ data->set.http_disable_hostname_check_before_authentication) {
/* Send web authentication header if needed */
{
test223 test224 test206 test207 test208 test209 test213 test240 \
test241 test242 test519 test214 test215 test216 test217 test218 \
test199 test225 test226 test227 test230 test231 test232 test228 \
- test229
+ test229 test233
# The following tests have been removed from the dist since they no longer
# work. We need to fix the test suite's FTPS server first, then bring them
--- /dev/null
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/2330002
+Content-Length: 8
+Connection: close
+
+contents
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+
+contents
+</data2>
+
+<datacheck>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/2330002
+Content-Length: 8
+Connection: close
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+
+contents
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP, proxy, site+proxy auth and Location: to new host
+ </name>
+ <command>
+http://first.host.it.is/we/want/that/page/233 -x %HOSTIP:%HTTPPORT --user iam:myself --proxy-user testing:this --location
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://first.host.it.is/we/want/that/page/233 HTTP/1.1\r
+Proxy-Authorization: Basic dGVzdGluZzp0aGlz\r
+Authorization: Basic aWFtOm15c2VsZg==\r
+Host: first.host.it.is\r
+Pragma: no-cache\r
+Accept: */*\r
+\r
+GET http://goto.second.host.now/2330002 HTTP/1.1\r
+Proxy-Authorization: Basic dGVzdGluZzp0aGlz\r
+Host: goto.second.host.now\r
+Pragma: no-cache\r
+Accept: */*\r
+\r
+</protocol>
+</verify>
projects / curl / commitdiff