Ralph Mitchell reported a flaw when you used a proxy with auth, and you

requested data from a host and then followed a redirect to another host. libcurl then didn't use the proxy-auth properly in the second request, due to the host-only check for original host name wrongly being extended to the proxy auth as well. Added test case 233 to verify the flaw and that the fix removed the problem.
author: Daniel Stenberg <daniel@haxx.se> 2005-02-18 23:53:07 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2005-02-18 23:53:07 +0000
commit: 5ba188ab2dda19d63a908fd245d9727f2d5df4ea (patch)
tree: af1ac7455322c78afca751c7c6cd5352b3a7fc63
parent: eadfd78c2ec38c80990ec6abfd64431708f38dae (diff)
download: gnurl-5ba188ab2dda19d63a908fd245d9727f2d5df4ea.tar.gz
gnurl-5ba188ab2dda19d63a908fd245d9727f2d5df4ea.tar.bz2
gnurl-5ba188ab2dda19d63a908fd245d9727f2d5df4ea.zip
5 files changed, 114 insertions, 23 deletions
diff --git a/CHANGES b/CHANGES
index 1a209b569..55a4a72db 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,15 @@
 
                                   Changelog
 
+
+Daniel (19 February 2005)
+- Ralph Mitchell reported a flaw when you used a proxy with auth, and you
+  requested data from a host and then followed a redirect to another
+  host. libcurl then didn't use the proxy-auth properly in the second request,
+  due to the host-only check for original host name wrongly being extended to
+  the proxy auth as well. Added test case 233 to verify the flaw and that the
+  fix removed the problem.
+
 Daniel (18 February 2005)
 - Mike Dobbs reported a mingw build failure due to the lack of
   BUILDING_LIBCURL being defined when libcurl is built. Now this is defined by
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6add05297..40aaecce0 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -16,6 +16,7 @@ This release includes the following changes:
 
 This release includes the following bugfixes:
 
+ o proxy auth bug when following redirects to another host
  o socket leak when local bind failed
  o HTTP POST with --anyauth picking NTLM
  o SSL problems when downloading exactly 16KB data
@@ -34,6 +35,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
  Gisle Vanem, David Byron, Marty Kuhrt, Maruko, Eric Vergnaud, Christopher
- R. Palmer, Mike Dobbs, David in bug report #1124588
+ R. Palmer, Mike Dobbs, David in bug report #1124588, Ralph Mitchell
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/http.c b/lib/http.c
index a5f29da3b..ae2594737 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -403,24 +403,17 @@ Curl_http_output_auth(struct connectdata *conn,
        and if this is one single bit it'll be used instantly. */
     authproxy->picked = authproxy->want;
 
-  /* To prevent the user+password to get sent to other than the original
-     host due to a location-follow, we do some weirdo checks here */
-  if(!data->state.this_is_a_follow ||
-     !data->state.first_host ||
-     curl_strequal(data->state.first_host, conn->host.name) ||
-     data->set.http_disable_hostname_check_before_authentication) {
-
-    /* Send proxy authentication header if needed */
-    if (conn->bits.httpproxy &&
-        (conn->bits.tunnel_proxy == proxytunnel)) {
+  /* Send proxy authentication header if needed */
+  if (conn->bits.httpproxy &&
+      (conn->bits.tunnel_proxy == proxytunnel)) {
 #ifdef USE_SSLEAY
-      if(authproxy->want == CURLAUTH_NTLM) {
-        auth=(char *)"NTLM";
-        result = Curl_output_ntlm(conn, TRUE);
-        if(result)
-          return result;
-      }
-      else
+    if(authproxy->want == CURLAUTH_NTLM) {
+      auth=(char *)"NTLM";
+      result = Curl_output_ntlm(conn, TRUE);
+      if(result)
+        return result;
+    }
+    else
 #endif
       if(authproxy->want == CURLAUTH_BASIC) {
         /* Basic */
@@ -454,10 +447,17 @@ Curl_http_output_auth(struct connectdata *conn,
       else
         authproxy->multi = FALSE;
     }
-    else
-      /* we have no proxy so let's pretend we're done authenticating
-         with it */
-      authproxy->done = TRUE;
+  else
+    /* we have no proxy so let's pretend we're done authenticating
+       with it */
+    authproxy->done = TRUE;
+
+  /* To prevent the user+password to get sent to other than the original
+     host due to a location-follow, we do some weirdo checks here */
+  if(!data->state.this_is_a_follow ||
+     !data->state.first_host ||
+     curl_strequal(data->state.first_host, conn->host.name) ||
+     data->set.http_disable_hostname_check_before_authentication) {
 
     /* Send web authentication header if needed */
     {
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index ebbfdab0b..509206733 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -32,7 +32,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	\
  test223 test224 test206 test207 test208 test209 test213 test240	\
  test241 test242 test519 test214 test215 test216 test217 test218	\
  test199 test225 test226 test227 test230 test231 test232 test228	\
- test229
+ test229 test233
 
 # The following tests have been removed from the dist since they no longer
 # work. We need to fix the test suite's FTPS server first, then bring them
diff --git a/tests/data/test233 b/tests/data/test233
new file mode 100644
index 000000000..0e329f7b6
--- /dev/null
+++ b/tests/data/test233
@@ -0,0 +1,81 @@
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/2330002
+Content-Length: 8
+Connection: close
+
+contents
+</data>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+
+contents
+</data2>
+
+<datacheck>
+HTTP/1.1 302 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+Location: http://goto.second.host.now/2330002
+Content-Length: 8
+Connection: close
+
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake swsclose
+Content-Type: text/html
+Funny-head: yesyes
+
+contents
+</datacheck>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP, proxy, site+proxy auth and Location: to new host
+ </name>
+ <command>
+http://first.host.it.is/we/want/that/page/233 -x %HOSTIP:%HTTPPORT --user iam:myself --proxy-user testing:this --location
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://first.host.it.is/we/want/that/page/233 HTTP/1.1
+Proxy-Authorization: Basic dGVzdGluZzp0aGlz
+Authorization: Basic aWFtOm15c2VsZg==
+Host: first.host.it.is
+Pragma: no-cache
+Accept: */*
+
+GET http://goto.second.host.now/2330002 HTTP/1.1
+Proxy-Authorization: Basic dGVzdGluZzp0aGlz
+Host: goto.second.host.now
+Pragma: no-cache
+Accept: */*
+
+</protocol>
+</verify>
author	Daniel Stenberg <daniel@haxx.se>	2005-02-18 23:53:07 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2005-02-18 23:53:07 +0000
commit	5ba188ab2dda19d63a908fd245d9727f2d5df4ea (patch)
tree	af1ac7455322c78afca751c7c6cd5352b3a7fc63
parent	eadfd78c2ec38c80990ec6abfd64431708f38dae (diff)
download	gnurl-5ba188ab2dda19d63a908fd245d9727f2d5df4ea.tar.gz gnurl-5ba188ab2dda19d63a908fd245d9727f2d5df4ea.tar.bz2 gnurl-5ba188ab2dda19d63a908fd245d9727f2d5df4ea.zip