Commit ec5fde24 authored by Kamil Dudka's avatar Kamil Dudka
Browse files

http: avoid auth failure on a duplicated header 

... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348
parent 13437567

RELEASE-NOTES

+2 −0
Original line number Diff line number Diff line
@@ -64,6 +64,7 @@ This release includes the following bugfixes: 
 o curl_multi_cleanup: ignore SIGPIPE better [13]

 o schannel: don't use the connect-timeout during send [14]

 o mprintf: allow %.s with data not being zero terminated

 o http: auth failure on duplicated 'WWW-Authenticate: Negotiate' header [15]



This release includes the following known bugs:
@@ -96,3 +97,4 @@ References to bug reports and discussions on issues: 
 [12] = http://curl.haxx.se/mail/lib-2014-04/0161.html

 [13] = http://thread.gmane.org/gmane.comp.version-control.git/238242

 [14] = http://curl.haxx.se/bug/view.cgi?id=1352

 [15] = https://bugzilla.redhat.com/1093348

lib/http.c

+1 −1
Original line number Diff line number Diff line
@@ -780,7 +780,7 @@ CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, 
          infof(data, "Authentication problem. Ignoring this.\n");

          data->state.authproblem = TRUE;

        }

        else {

        else if(data->state.negotiate.state == GSS_AUTHNONE) {

          neg = Curl_input_negotiate(conn, proxy, auth);

          if(neg == 0) {

            DEBUGASSERT(!data->req.newurl);