diff --git a/lib/http.c b/lib/http.c
index 0506d6a43e..9118c7e716 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1245,6 +1245,11 @@ CURLcode Curl_http_follow(struct Curl_easy *data, const char *newurl,
 same_origin = Curl_url_same_origin(u, data->state.uh);
 curl_url_cleanup(u);
+#ifndef CURL_DISABLE_DIGEST_AUTH
+ if(!same_origin)
+ Curl_auth_digest_cleanup(&data->state.digest);
+#endif
+
 if((!same_origin && !data->set.allow_auth_to_other_hosts) ||
 !data->set.str[STRING_USERNAME]) {
 result = Curl_reset_userpwd(data);
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 15724a4b53..2c25c0b1d2 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -239,6 +239,7 @@ test1916 test1917 test1918 test1919 test1920 \
 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test1940 \
 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
 test1955 test1956 test1957 test1958 test1959 test1960 test1964 test1965 \
+test1966 \
 \
 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 \
 test1978 test1979 test1980 test1981 test1982 test1983 test1984 \
diff --git a/tests/data/test1966 b/tests/data/test1966
new file mode 100644
index 0000000000..49270d03a9
--- /dev/null
+++ b/tests/data/test1966
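Review bot: The added `#ifndef CURL_DISABLE_DIGEST_AUTH` block in Curl_http_follow has no comment saying why the Digest state is dropped on every cross-origin redirect, and the reason is not obvious from the code: the cleanup runs before, and independently of, the `allow_auth_to_other_hosts` test that follows it. I would put something like `/* a Digest challenge is only valid for the origin that issued it; drop it on any cross-origin redirect, even when credentials may follow */` above the `if(!same_origin)`. Only `data->state.digest` is cleared here; whether other per-origin auth state needs the same treatment cannot be judged from this hunk. The function body starts and ends outside the hunk.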
@@ -0,0 +1,117 @@
+
+
+
+
+HTTP
+HTTP GET
+HTTP Digest auth
+
+
+# Server-side
+
+
+HTTP/1.1 401 Authorization Required
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Basic realm="foothis"
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604199"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+This is not the real page
+
+
+# Post-redirect
+
+HTTP/1.1 200 OK
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page!
+
+
+# This is supposed to be returned when the server gets a
+# Authorization: Digest line passed-in from the client
+
+HTTP/1.1 301 Redirect
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 3
+Location: http://host.corp.com:%HTTPPORT/%TESTNUMBER0002
+
+go
+
+
+
+HTTP/1.1 401 Authorization Required
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Basic realm="foothis"
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604199"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+HTTP/1.1 301 Redirect
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 3
+Location: http://host.corp.com:%HTTPPORT/%TESTNUMBER0002
+
+HTTP/1.1 200 OK
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page!
+
+
+
+
+# Client-side
+
+
+http
+
+
+!SSPI
+crypto
+digest
+
+
+netrc with digest and redirect to other origin
+
+
+--resolve host.evil.com:%HTTPPORT:%HOSTIP --resolve host.corp.com:%HTTPPORT:%HOSTIP --netrc-file %LOGDIR/netrc%TESTNUMBER --digest -L http://host.evil.com:%HTTPPORT/%TESTNUMBER --max-redirs 2
+
+
+machine host.evil.com
+ login evil_user
+ password evil_pass
+
+machine host.corp.com
+ login corporate_admin
+ password S3cretP@ssw0rd!
+
+
+
+# Verify data after the test has been "shot"
+
+
+GET /%TESTNUMBER HTTP/1.1
+Host: host.evil.com:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+GET /%TESTNUMBER HTTP/1.1
+Host: host.evil.com:%HTTPPORT
+Authorization: Digest username="evil_user", realm="testrealm", nonce="1053604199", uri="/%TESTNUMBER", response="4ccc7695a6a926b01dcba93a34d2d737"
+User-Agent: curl/%VERSION
+Accept: */*
+
+GET /%TESTNUMBER0002 HTTP/1.1
+Host: host.corp.com:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+
+
+
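Review bot: The test pins only the default redirect path: the command line uses `--netrc-file ... --digest -L` without `--location-trusted`, while the cleanup added in lib/http.c runs on every cross-origin redirect regardless of `allow_auth_to_other_hosts`. A companion case that adds `--location-trusted` would pin that the first request to host.corp.com is not built from the challenge issued by host.evil.com when credentials are allowed to follow. A one-line comment above the expected protocol, e.g. `# the redirected request to host.corp.com must carry no Authorization: header`, would also make the asserted property explicit for the next reader.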