[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 05/41: digest_sspi: Don't reuse context if the user
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 05/41: digest_sspi: Don't reuse context if the user/passwd has changed |
Date: |
Sun, 20 Aug 2017 20:46:27 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.55.1
in repository gnurl.
commit 0b5665c98a0f8b12023d73014b5bb5d4de41a243
Author: Jay Satiro <address@hidden>
AuthorDate: Tue Aug 8 19:32:19 2017 -0400
digest_sspi: Don't reuse context if the user/passwd has changed
Bug: https://github.com/curl/curl/issues/1685
Reported-by: address@hidden
Assisted-by: Isaac Boukris
Closes https://github.com/curl/curl/pull/1742
---
lib/urldata.h | 4 ++++
lib/vauth/digest_sspi.c | 41 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/lib/urldata.h b/lib/urldata.h
index 45ad04e0a..b4f18e7da 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -417,6 +417,10 @@ struct digestdata {
BYTE *input_token;
size_t input_token_len;
CtxtHandle *http_context;
+ /* copy of user/passwd used to make the identity for http_context.
+ either may be NULL. */
+ char *user;
+ char *passwd;
#else
char *nonce;
char *cnonce;
diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index 0bd94442d..f5d619c99 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -438,6 +438,20 @@ CURLcode Curl_auth_create_digest_http_message(struct
Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
+ /* If the user/passwd that was used to make the identity for http_context
+ has changed then delete that context. */
+ if((userp && !digest->user) || (!userp && digest->user) ||
+ (passwdp && !digest->passwd) || (!passwdp && digest->passwd) ||
+ (userp && digest->user && strcmp(userp, digest->user)) ||
+ (passwdp && digest->passwd && strcmp(passwdp, digest->passwd))) {
+ if(digest->http_context) {
+ s_pSecFn->DeleteSecurityContext(digest->http_context);
+ Curl_safefree(digest->http_context);
+ }
+ Curl_safefree(digest->user);
+ Curl_safefree(digest->passwd);
+ }
+
if(digest->http_context) {
chlg_desc.ulVersion = SECBUFFER_VERSION;
chlg_desc.cBuffers = 5;
@@ -479,6 +493,10 @@ CURLcode Curl_auth_create_digest_http_message(struct
Curl_easy *data,
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
TCHAR *spn;
+ /* free the copy of user/passwd used to make the previous identity */
+ Curl_safefree(digest->user);
+ Curl_safefree(digest->passwd);
+
if(userp && *userp) {
/* Populate our identity structure */
if(Curl_create_sspi_identity(userp, passwdp, &identity)) {
@@ -500,6 +518,25 @@ CURLcode Curl_auth_create_digest_http_message(struct
Curl_easy *data,
/* Use the current Windows user */
p_identity = NULL;
+ if(userp) {
+ digest->user = strdup(userp);
+
+ if(!digest->user) {
+ free(output_token);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+
+ if(passwdp) {
+ digest->passwd = strdup(passwdp);
+
+ if(!digest->passwd) {
+ free(output_token);
+ Curl_safefree(digest->user);
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+
/* Acquire our credentials handle */
status = s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT(SP_NAME_DIGEST),
@@ -623,6 +660,10 @@ void Curl_auth_digest_cleanup(struct digestdata *digest)
s_pSecFn->DeleteSecurityContext(digest->http_context);
Curl_safefree(digest->http_context);
}
+
+ /* Free the copy of user/passwd used to make the identity for http_context */
+ Curl_safefree(digest->user);
+ Curl_safefree(digest->passwd);
}
#endif /* USE_WINDOWS_SSPI && !CURL_DISABLE_CRYPTO_AUTH */
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 10/41: metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead, (continued)
- [GNUnet-SVN] [gnurl] 10/41: metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 09/41: dist: fix the cmake build by shipping cmake_uninstall.cmake.in too, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 02/41: make install: add 8 missing man pages to the installation, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 16/41: openssl: fix "error: this statement may fall through", gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 21/41: test2033: this went flaky again, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 20/41: test1447: verifies the parse proxy fix in 6e0e152ce5c, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 15/41: openssl: remove CONST_ASN1_BIT_STRING., gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 08/41: travis: verify "make install", gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 19/41: parse_proxy(): fix memory leak in case of invalid proxy server name, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 38/41: cmake: Threads detection update. ref: #1702, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 05/41: digest_sspi: Don't reuse context if the user/passwd has changed,
gnunet <=
- [GNUnet-SVN] [gnurl] 11/41: cmake: move cmake_uninstall.cmake to CMake/, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 14/41: maketgz: remove old *.dist files before making the tarball, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 28/41: bagder/Curl_tvdiff_us: fix the math, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 32/41: travis: test cmake build on tarball too, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 26/41: docs: fix typo funtion -> function, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 33/41: test2032: mark as flaky (again), gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 18/41: RELEASE-NOTES: synced with 37f2195a9, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 40/41: RELEASE-NOTES/THANKS: curl 7.55.1 release time, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 34/41: redirect: skip URL encoding for host names, gnunet, 2017/08/20
- [GNUnet-SVN] [gnurl] 17/41: curlver: bump to 7.55.1, gnunet, 2017/08/20