curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-10 14:12:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

http: simplify the check for auth methods

Browse Source 
Avoids having to use the correct index into the line. Avoids repeated
use of is_valid_auth_separator.

Require that the following letter is not an alnum instead of checking
explicitly for ch == '\0' || ch == ',' || ISSPACE(ch). After all, the
point is to not erroneously match another auth string using the same
prefix.

Follow-up to b75620b9a0

Closes #16406
This commit is contained in:
Daniel Stenberg 2025-02-20 16:14:58 +01:00
parent 6bc65a444b
commit d1fc1c4a85
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lib/http.c
View File

@ -876,9 +876,11 @@ Curl_http_output_auth(struct Curl_easy *data,
!defined(CURL_DISABLE_DIGEST_AUTH) || \ !defined(CURL_DISABLE_DIGEST_AUTH) || \
!defined(CURL_DISABLE_BASIC_AUTH) || \ !defined(CURL_DISABLE_BASIC_AUTH) || \
!defined(CURL_DISABLE_BEARER_AUTH) !defined(CURL_DISABLE_BEARER_AUTH)
static int is_valid_auth_separator(char ch) static bool authcmp(const char *auth, const char *line)
{ {
return ch == '\0' || ch == ',' || ISSPACE(ch); /* the auth string must not have an alnum following */
size_t n = strlen(auth);
return strncasecompare(auth, line, n) && !ISALNUM(auth[n]);
} }
#endif #endif
@ -939,7 +941,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
while(*auth) { while(*auth) {
#ifdef USE_SPNEGO #ifdef USE_SPNEGO
if(checkprefix("Negotiate", auth) && is_valid_auth_separator(auth[9])) { if(authcmp("Negotiate", auth)) {
if((authp->avail & CURLAUTH_NEGOTIATE) || if((authp->avail & CURLAUTH_NEGOTIATE) ||
Curl_auth_is_spnego_supported()) { Curl_auth_is_spnego_supported()) {
*availp |= CURLAUTH_NEGOTIATE; *availp |= CURLAUTH_NEGOTIATE;
@ -965,7 +967,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
#endif #endif
#ifdef USE_NTLM #ifdef USE_NTLM
/* NTLM support requires the SSL crypto libs */ /* NTLM support requires the SSL crypto libs */
if(checkprefix("NTLM", auth) && is_valid_auth_separator(auth[4])) { if(authcmp("NTLM", auth)) {
if((authp->avail & CURLAUTH_NTLM) || if((authp->avail & CURLAUTH_NTLM) ||
Curl_auth_is_ntlm_supported()) { Curl_auth_is_ntlm_supported()) {
*availp |= CURLAUTH_NTLM; *availp |= CURLAUTH_NTLM;
@ -987,7 +989,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
else else
#endif #endif
#ifndef CURL_DISABLE_DIGEST_AUTH #ifndef CURL_DISABLE_DIGEST_AUTH
if(checkprefix("Digest", auth) && is_valid_auth_separator(auth[6])) { if(authcmp("Digest", auth)) {
if((authp->avail & CURLAUTH_DIGEST) != 0) if((authp->avail & CURLAUTH_DIGEST) != 0)
infof(data, "Ignoring duplicate digest auth header."); infof(data, "Ignoring duplicate digest auth header.");
else if(Curl_auth_is_digest_supported()) { else if(Curl_auth_is_digest_supported()) {
@ -1010,8 +1012,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
else else
#endif #endif
#ifndef CURL_DISABLE_BASIC_AUTH #ifndef CURL_DISABLE_BASIC_AUTH
if(checkprefix("Basic", auth) && if(authcmp("Basic", auth)) {
is_valid_auth_separator(auth[5])) {
*availp |= CURLAUTH_BASIC; *availp |= CURLAUTH_BASIC;
authp->avail |= CURLAUTH_BASIC; authp->avail |= CURLAUTH_BASIC;
if(authp->picked == CURLAUTH_BASIC) { if(authp->picked == CURLAUTH_BASIC) {
@ -1026,8 +1027,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy,
else else
#endif #endif
#ifndef CURL_DISABLE_BEARER_AUTH #ifndef CURL_DISABLE_BEARER_AUTH
if(checkprefix("Bearer", auth) && if(authcmp("Bearer", auth)) {
is_valid_auth_separator(auth[6])) {
*availp |= CURLAUTH_BEARER; *availp |= CURLAUTH_BEARER;
authp->avail |= CURLAUTH_BEARER; authp->avail |= CURLAUTH_BEARER;
if(authp->picked == CURLAUTH_BEARER) { if(authp->picked == CURLAUTH_BEARER) {