Commit 24a8359b authored by Kamil Dudka, committed by Daniel Stenberg

http: do not leak basic auth credentials on re-used connections

CVE-2015-3236

This partially reverts commit curl-7_39_0-237-g87c4abb

Reported-by: Tomas Tomecek, Kamil Dudka
Bug: http://curl.haxx.se/docs/adv_20150617A.html
parent 24f0b6eb
+4 −12
@@ -2312,20 +2312,12 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
                     te
      );

  /*
   * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
   * the connection and shouldn't be repeated over it either.
   */
  switch (data->state.authhost.picked) {
  case CURLAUTH_NEGOTIATE:
  case CURLAUTH_NTLM:
  case CURLAUTH_NTLM_WB:
  /* clear userpwd to avoid re-using credentials from re-used connections */
  Curl_safefree(conn->allocptr.userpwd);
    break;
  }

  /*
   * Same for proxyuserpwd
   * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
   * with the connection and shouldn't be repeated over it either.
   */
  switch (data->state.authproxy.picked) {
  case CURLAUTH_NEGOTIATE:
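
Review bot: The proxy half of this hunk is left asymmetric with the host half, and the comments do not explain why. With the `switch (data->state.authhost.picked)` wrapper gone, `Curl_safefree(conn->allocptr.userpwd);` under the comment "clear userpwd to avoid re-using credentials from re-used connections" applies to every auth type, while proxyuserpwd is still only freed inside `switch (data->state.authproxy.picked)` for the Negotiate/NTLM cases. If Basic proxy credentials are safe to keep on a re-used connection, say so in the proxyuserpwd comment; if they are not, the same clearing belongs there too. A regression test that sends an authenticated request followed by an unauthenticated one over the same connection would also guard against the per-scheme switch being reintroduced on the host side.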