Fix nonce-count generation in Curl_auth_create_digest_http_message() #1251
@mkhon, thanks for your PR! By analyzing the history of the files in this pull request, we identified @bagder, @captain-caveman2k and @yangtse to be potential reviewers.
- on the first invocation: keep security context returned by InitializeSecurityContext()
- on subsequent invocations: use MakeSignature() instead of InitializeSecurityContext() to generate HTTP digest response
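The nonce count in the PR title is the nc field of HTTP Digest, which RFC 7616 requires the client to increase for each request that reuses a server nonce, so it depends on state surviving between requests. As an added example (not code from this PR or from curl; plain MD5 Digest in Python rather than SSPI, with hypothetical class names and constructed credentials and nonce), a client that keeps its state is shown next to one that rebuilds it per request, both checked by a server that tracks nc:

```python
import hashlib
import hmac

def h(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617/7616 response value for qop=auth with MD5."""
    ha1 = h(f"{user}:{realm}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")

class DigestClient:
    """Hypothetical client; keep_context models keeping auth state across requests."""
    def __init__(self, cred, keep_context):
        self.cred, self.keep_context, self.nc = cred, keep_context, 0

    def authorize(self, method, uri, nonce, cnonce):
        if not self.keep_context:
            self.nc = 0  # state rebuilt for every request, so nc restarts
        self.nc += 1
        resp = digest_response(*self.cred, method, uri, nonce, self.nc, cnonce)
        return {"uri": uri, "nonce": nonce, "nc": self.nc, "cnonce": cnonce, "response": resp}

class DigestServer:
    """Hypothetical server that tracks the highest nc accepted per nonce."""
    def __init__(self, cred):
        self.cred, self.last_nc = cred, {}

    def verify(self, method, hdr):
        want = digest_response(*self.cred, method, hdr["uri"], hdr["nonce"], hdr["nc"], hdr["cnonce"])
        if not hmac.compare_digest(want, hdr["response"]):
            return "bad-response"
        if hdr["nc"] <= self.last_nc.get(hdr["nonce"], 0):
            return "replayed-nc"  # valid hash, but this nc was already used
        self.last_nc[hdr["nonce"]] = hdr["nc"]
        return "ok"

def run(keep_context):
    cred = ("alice", "example", "secret")   # constructed credentials
    nonce = "constructed-server-nonce"      # constructed sample value
    cli, srv = DigestClient(cred, keep_context), DigestServer(cred)
    return [srv.verify("GET", cli.authorize("GET", f"/r{i}", nonce, f"cn{i}")) for i in range(3)]

if __name__ == "__main__":
    print("state kept:   ", run(True))
    print("state rebuilt:", run(False))
```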
3534074 to 44dd348
(The test 1903 failure is probably unrelated as it seems to do this intermittently.)
Looks good and works for me.
edit: nm I see what you did, typically for that I'd expect context to be a pointer ie
I've just landed this with a test and modified your code slightly. I got rid of have_context by using a pointer to the http context that is NULL when there is no context. Also I renamed it as http_context so it is not accidentally confused in the future with the SASL/md5 version of context of the function in the same file. Further, I moved the MakeSignature block to before a new context is created so that if MakeSignature fails we delete the context and fall back on creating a new context. Your code is otherwise the same. So basically it is this now: if(http_context) { Thanks!
@jay I am not sure this Curl_safefree() is ok: resp = malloc(output_token_len + 1);
} I think if the context is ok it should be kept for the subsequent invocations.
Freeing the context there isn't needed but not for the reason you think. When CURLE_OUT_OF_MEMORY the connection is cleaned up, including digests, so that cleans up the valid context. I removed it in af5fbb1.
This seems to have caused #1276
Fixes #870