granicus.if.org Git - curl/commit
http_done: close Negotiate connections when done
author Daniel Stenberg <daniel@haxx.se>
Sat, 18 Apr 2015 21:50:16 +0000 (23:50 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Tue, 21 Apr 2015 21:20:37 +0000 (23:20 +0200)
commit 79b9d5f1a42578f807a6c94914bc65cbaa304b6d
tree b90cfdb4f416b791700635fc986bb99701783971
parent 0583e87ada7a3cfb10904ae4ab61b339582c5bd3
http_done: close Negotiate connections when done

When doing HTTP requests Negotiate authenticated, the entire connection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.

CVE-2015-3148

Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
lib/http.c
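
The connection-reuse problem the commit message describes, as a toy C model added here. It is not curl's code and not the patch from this commit; `struct conn`, the function names and the users "alice" and "bob" are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model (not curl code): a single cached connection to one server. */
struct conn {
    bool open;           /* true while the connection sits in the reuse cache */
    char bound_user[32]; /* identity the server tied to this connection */
};

/* Server: once Negotiate succeeds, the identity sticks to the connection and
 * credentials sent with later requests on it are ignored. */
static const char *server_handle(struct conn *c, const char *user)
{
    if (c->bound_user[0] == '\0')
        snprintf(c->bound_user, sizeof(c->bound_user), "%s", user);
    return c->bound_user;
}

/* Client: send one request as `user`, reusing the cached connection if open.
 * close_when_done models the behaviour named in the commit title. */
static void client_request(struct conn *c, const char *user,
                           bool close_when_done, char *served_as, size_t len)
{
    if (!c->open) {                 /* nothing to reuse: start a clean one */
        memset(c, 0, sizeof(*c));
        c->open = true;
    }
    snprintf(served_as, len, "%s", server_handle(c, user));
    if (close_when_done)
        c->open = false;            /* do not return it to the cache */
}

/* Two transfers with different credentials: who was the second served as? */
static const char *second_request_identity(bool close_when_done)
{
    static char served_as[32];
    struct conn c = {0};
    client_request(&c, "alice", close_when_done, served_as, sizeof(served_as));
    client_request(&c, "bob", close_when_done, served_as, sizeof(served_as));
    return served_as;
}

int main(void)
{
    printf("kept open:        served as %s\n", second_request_identity(false));
    printf("closed when done: served as %s\n", second_request_identity(true));
    return 0;
}
```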