http: avoid auth failure on a duplicated header

... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index f535d525c5588af54a8607a2c7d26563e79d48be..1261fe41e90a28d4a719967ff8b1203b29041cef 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -64,6 +64,7 @@ This release includes the following bugfixes:
  o curl_multi_cleanup: ignore SIGPIPE better [13]
  o schannel: don't use the connect-timeout during send [14]
  o mprintf: allow %.s with data not being zero terminated
+ o http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header [15]
 
 This release includes the following known bugs:
 
@@ -96,3 +97,4 @@ References to bug reports and discussions on issues:
  [12] = http://curl.haxx.se/mail/lib-2014-04/0161.html
  [13] = http://thread.gmane.org/gmane.comp.version-control.git/238242
  [14] = http://curl.haxx.se/bug/view.cgi?id=1352
+ [15] = https://bugzilla.redhat.com/1093348

diff --git a/lib/http.c b/lib/http.c
index fb433496646d1ad3c04671df0a18087266460726..937d241a20490979ba4ab98e6c59eedf1cb27cf6 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -780,7 +780,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy,
           infof(data, "Authentication problem. Ignoring this.\n");
           data->state.authproblem = TRUE;
         }
-        else {
+        else if(data->state.negotiate.state == GSS_AUTHNONE) {
           neg = Curl_input_negotiate(conn, proxy, auth);
           if(neg == 0) {
             DEBUGASSERT(!data->req.newurl);