blob: 899ffb75a878cdf5479395f5ca9d3bd1657711eb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
Patch-Source: https://github.com/curl/curl/pull/11492
--
From 0470577eb4524f09d245e9e6afd42ba8677a5a19 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 20 Jul 2023 23:20:50 +0200
Subject: [PATCH 1/2] test979: test -u with redirect to (the same) absolute
host
---
tests/data/Makefile.inc | 1 +
tests/data/test979 | 64 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 65 insertions(+)
create mode 100644 tests/data/test979
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 8ee1394d4e562..12aefb14c0d1b 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -122,6 +122,7 @@ test943 test944 test945 test946 test947 test948 test949 test950 test951 \
test952 test953 test954 test955 test956 test957 test958 test959 test960 \
test961 test962 test963 test964 test965 test966 test967 test968 test969 \
test970 test971 test972 test973 test974 test975 test976 test977 test978 \
+test979 \
\
test980 test981 test982 test983 test984 test985 test986 test987 test988 \
test989 \
diff --git a/tests/data/test979 b/tests/data/test979
new file mode 100644
index 0000000000000..40cc35044d9f6
--- /dev/null
+++ b/tests/data/test979
@@ -0,0 +1,64 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+Basic
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data crlf="yes" nocheck="yes">
+HTTP/1.1 302 go go go
+Content-Length: 8
+Location: http://%HOSTIP:%HTTPPORT/user/%TESTNUMBER0002
+Content-Type: text/html
+Funny-head: yesyes
+
+notreal
+</data>
+<data2 crlf="yes">
+HTTP/1.1 200 OK
+Content-Length: 6
+Content-Type: text/html
+Funny-head: yesyes
+
+final
+</data2>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+-u with redirect to absolute URL using same origin and auth
+</name>
+<command>
+http://first:secret@%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u smith:doggie
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="yes">
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic c21pdGg6ZG9nZ2ll
+User-Agent: curl/%VERSION
+Accept: */*
+
+GET /user/%TESTNUMBER0002 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic c21pdGg6ZG9nZ2ll
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
From c1effdfe658ae505e8ea65e5f46d810c4b8d81cb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 20 Jul 2023 23:28:19 +0200
Subject: [PATCH 2/2] transfer: do not clear the credentials on redirect to
absolute URL
Makes test 979 work. Regression shipped in 8.2.0 from commit
dd4d1a26959f63a2c
Fixes #11486
Reported-by: Cloudogu Siebels
---
lib/transfer.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/lib/transfer.c b/lib/transfer.c
index 52cd6a0153673..b678004b95ad2 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1558,10 +1558,6 @@ CURLcode Curl_follow(struct Curl_easy *data,
/* If this is not redirect due to a 401 or 407 response and an absolute
URL: don't allow a custom port number */
disallowport = TRUE;
- if(!data->set.allow_auth_to_other_hosts) {
- Curl_safefree(data->state.aptr.user);
- Curl_safefree(data->state.aptr.passwd);
- }
}
DEBUGASSERT(data->state.uh);
|
