Fred New reported a bug where we used Basic auth and user name and password in (01165e08) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

CHANGES

+5 −0

Original line number	Diff line number	Diff line
		@@ -8,6 +8,11 @@


		Daniel (25 April 2005)
		- Fred New reported a bug where we used Basic auth and user name and password
		in .netrc, and when following a Location: the subsequent requests didn't
		properly use the auth as found in the netrc file. Added test case 257 to
		verify my fix.

		- Based on feedback from Cory Nelson, I added some preprocessor magic in
		/setup.h and /config-win32.h to build fine with VS2005 on x64.

+1 −0

Original line number	Diff line number	Diff line
		@@ -465,6 +465,7 @@ Curl_http_output_auth(struct connectdata *conn,
		/* To prevent the user+password to get sent to other than the original
		host due to a location-follow, we do some weirdo checks here */
		if(!data->state.this_is_a_follow \|\|
		conn->bits.netrc \|\|
		!data->state.first_host \|\|
		curl_strequal(data->state.first_host, conn->host.name) \|\|
		data->set.http_disable_hostname_check_before_authentication) {

+4 −4

Original line number	Diff line number	Diff line
		@@ -103,7 +103,7 @@ int Curl_parsenetrc(char *host,
		char *override = curl_getenv("CURL_DEBUG_NETRC");

		if (override) {
		printf("NETRC: overridden " NETRC " file: %s\n", home);
		fprintf(stderr, "NETRC: overridden " NETRC " file: %s\n", override);
		netrcfile = override;
		netrc_alloc = TRUE;
		}
		@@ -171,7 +171,7 @@ int Curl_parsenetrc(char *host,
		/* and yes, this is our host! */
		state=HOSTVALID;
		#ifdef _NETRC_DEBUG
		printf("HOST: %s\n", tok);
		fprintf(stderr, "HOST: %s\n", tok);
		#endif
		retcode=0; /* we did find our host */
		}
		@@ -188,7 +188,7 @@ int Curl_parsenetrc(char *host,
		else {
		strncpy(login, tok, LOGINSIZE-1);
		#ifdef _NETRC_DEBUG
		printf("LOGIN: %s\n", login);
		fprintf(stderr, "LOGIN: %s\n", login);
		#endif
		}
		state_login=0;
		@@ -197,7 +197,7 @@ int Curl_parsenetrc(char *host,
		if (state_our_login \|\| !specific_login) {
		strncpy(password, tok, PASSWORDSIZE-1);
		#ifdef _NETRC_DEBUG
		printf("PASSWORD: %s\n", password);
		fprintf(stderr, "PASSWORD: %s\n", password);
		#endif
		}
		state_password=0;

+10 −2

Original line number	Diff line number	Diff line
		@@ -3147,16 +3147,24 @@ static CURLcode CreateConnection(struct SessionHandle *data,
		user, passwd);
		}

		conn->bits.netrc = FALSE;
		if (data->set.use_netrc != CURL_NETRC_IGNORED) {
		if(Curl_parsenetrc(conn->host.name,
		user, passwd,
		data->set.netrc_file)) {
		infof(data, "Couldn't find host %s in the " DOT_CHAR "netrc file, using defaults\n",
		infof(data, "Couldn't find host %s in the " DOT_CHAR
		"netrc file, using defaults\n",
		conn->host.name);
		}
		else
		else {
		/* set bits.netrc TRUE to remember that we got the name from a .netrc
		file, so that it is safe to use even if we followed a Location: to a
		different host or similar. */
		conn->bits.netrc = TRUE;

		conn->bits.user_passwd = 1; /* enable user+password */
		}
		}

		/* If our protocol needs a password and we have none, use the defaults */
		if ( (conn->protocol & PROT_FTP) &&

+1 −0

Original line number	Diff line number	Diff line
		@@ -420,6 +420,7 @@ struct ConnectBits {
		bool ftp_use_lprt; /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
		LPRT doesn't work we disable it for the forthcoming
		requests */
		bool netrc; /* name+password provided by netrc */
		};

		struct hostname {