Commit 8ae35102 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

ConnectionExists: fix NTLM check for new connection 

When the requested authentication bitmask includes NTLM, we cannot
re-use a connection for another username/password as we then risk
re-using NTLM (connection-based auth).

This has the unfortunate downside that if you include NTLM as a possible
auth, you cannot re-use connections for other usernames/passwords even
if NTLM doesn't end up the auth type used.

Reported-by: Paras S
Patched-by: Paras S
Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html
parent fc0b4b0d

lib/url.c

+3 −3
Original line number Diff line number Diff line
@@ -5,7 +5,7 @@ 
 *                            | (__| |_| |  _ <| |___

 *                             \___|\___/|_| \_\_____|

 *

 * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.

 * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.

 *

 * This software is licensed as described in the file COPYING, which

 * you should have received as part of this distribution. The terms
@@ -2886,8 +2886,8 @@ ConnectionExists(struct SessionHandle *data, 
  struct connectdata *check;

  struct connectdata *chosen = 0;

  bool canPipeline = IsPipeliningPossible(data, needle);

  bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) ||

                  (data->state.authhost.want==CURLAUTH_NTLM_WB) ? TRUE : FALSE;

  bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) ||

    (data->state.authhost.want & CURLAUTH_NTLM_WB) ? TRUE : FALSE;

  struct connectbundle *bundle;



  *force_reuse = FALSE;