diff --git a/lib/conncache.c b/lib/conncache.c
index 67d3943b8f49f5d59b9e21e5451334c6642f3e99..f5ba8ff70a82a1f5028ecb32eede2c0c5b542122 100644
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -160,12 +160,8 @@ static void hashkey(struct connectdata *conn, char *buf,
/* report back which name we used */
*hostp = hostname;
- /* put the numbers first so that the hostname gets cut off if too long */
-#ifdef ENABLE_IPV6
- msnprintf(buf, len, "%u/%ld/%s", conn->scope_id, port, hostname);
-#else
- msnprintf(buf, len, "%ld/%s", port, hostname);
-#endif
+ /* put the number first so that the hostname gets cut off if too long */
+ msnprintf(buf, len, "%ld%s", port, hostname);
Curl_strntolower(buf, buf, len);
}
diff --git a/lib/http.c b/lib/http.c
index 180edaf4bb8990a91835bff8412b7af6e1e87717..05b971b20438c80ced72419bb316ad1a51c9e03e 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -775,21 +775,6 @@ output_auth_headers(struct Curl_easy *data,
return CURLE_OK;
}
-/*
- * allow_auth_to_host() tells if autentication, cookies or other "sensitive
- * data" can (still) be sent to this host.
- */
-static bool allow_auth_to_host(struct Curl_easy *data)
-{
- struct connectdata *conn = data->conn;
- return (!data->state.this_is_a_follow ||
- data->set.allow_auth_to_other_hosts ||
- (data->state.first_host &&
- strcasecompare(data->state.first_host, conn->host.name) &&
- (data->state.first_remote_port == conn->remote_port) &&
- (data->state.first_remote_protocol == conn->handler->protocol)));
-}
-
/**
* Curl_http_output_auth() setups the authentication headers for the
* host/proxy and the correct authentication
@@ -862,14 +847,17 @@ Curl_http_output_auth(struct Curl_easy *data,
with it */
authproxy->done = TRUE;
- /* To prevent the user+password to get sent to other than the original host
- due to a location-follow */
- if(allow_auth_to_host(data)
+ /* To prevent the user+password to get sent to other than the original
+ host due to a location-follow, we do some weirdo checks here */
+ if(!data->state.this_is_a_follow ||
#ifndef CURL_DISABLE_NETRC
- || conn->bits.netrc
+ conn->bits.netrc ||
#endif
- )
+ !data->state.first_host ||
+ data->set.allow_auth_to_other_hosts ||
+ strcasecompare(data->state.first_host, conn->host.name)) {
result = output_auth_headers(data, conn, authhost, request, path, FALSE);
+ }
else
authhost->done = TRUE;
@@ -1925,7 +1913,10 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data,
checkprefix("Cookie:", compare)) &&
/* be careful of sending this potentially sensitive header to
other hosts */
- !allow_auth_to_host(data))
+ (data->state.this_is_a_follow &&
+ data->state.first_host &&
+ !data->set.allow_auth_to_other_hosts &&
+ !strcasecompare(data->state.first_host, conn->host.name)))
;
else {
#ifdef USE_HYPER
@@ -2097,7 +2088,6 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn)
return CURLE_OUT_OF_MEMORY;
data->state.first_remote_port = conn->remote_port;
- data->state.first_remote_protocol = conn->handler->protocol;
}
Curl_safefree(data->state.aptr.host);
diff --git a/lib/strcase.c b/lib/strcase.c
index cd04f2c0b5317a9086966c6f462daee4e59a170b..955e3c79eadb00e225d994d6b8d38fc85694bcb6 100644
--- a/lib/strcase.c
+++ b/lib/strcase.c
@@ -251,16 +251,6 @@ void Curl_strntolower(char *dest, const char *src, size_t n)
} while(*src++ && --n);
}
-/* Compare case-sensitive NUL-terminated strings, taking care of possible
- * null pointers. Return true if arguments match.
- */
-bool Curl_safecmp(char *a, char *b)
-{
- if(a && b)
- return !strcmp(a, b);
- return !a && !b;
-}
-
/* --- public functions --- */
int curl_strequal(const char *first, const char *second)
diff --git a/lib/strcase.h b/lib/strcase.h
index 127bfdd44ea558b55f4db080107dd43d2617a640..10dc6988174f420ff60f4c40b16a3714f5e96194 100644
--- a/lib/strcase.h
+++ b/lib/strcase.h
@@ -48,6 +48,4 @@ char Curl_raw_toupper(char in);
void Curl_strntoupper(char *dest, const char *src, size_t n);
void Curl_strntolower(char *dest, const char *src, size_t n);
-bool Curl_safecmp(char *a, char *b);
-
#endif /* HEADER_CURL_STRCASE_H */
diff --git a/lib/transfer.c b/lib/transfer.c
index 78bf349fc12c878e1531ed9697083e684a9ae0de..3e650b5b9e55b371188e1fcdf302e0280381cdad 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1652,57 +1652,10 @@ CURLcode Curl_follow(struct Curl_easy *data,
return CURLE_OUT_OF_MEMORY;
}
else {
+
uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
if(uc)
return Curl_uc_to_curlcode(uc);
-
- /* Clear auth if this redirects to a different port number or protocol,
- unless permitted */
- if(!data->set.allow_auth_to_other_hosts && (type != FOLLOW_FAKE)) {
- char *portnum;
- int port;
- bool clear = FALSE;
-
- if(data->set.use_port && data->state.allow_port)
- /* a custom port is used */
- port = (int)data->set.use_port;
- else {
- uc = curl_url_get(data->state.uh, CURLUPART_PORT, &portnum,
- CURLU_DEFAULT_PORT);
- if(uc) {
- free(newurl);
- return Curl_uc_to_curlcode(uc);
- }
- port = atoi(portnum);
- free(portnum);
- }
- if(port != data->info.conn_remote_port) {
- infof(data, "Clear auth, redirects to port from %u to %u",
- data->info.conn_remote_port, port);
- clear = TRUE;
- }
- else {
- char *scheme;
- const struct Curl_handler *p;
- uc = curl_url_get(data->state.uh, CURLUPART_SCHEME, &scheme, 0);
- if(uc) {
- free(newurl);
- return Curl_uc_to_curlcode(uc);
- }
-
- p = Curl_builtin_scheme(scheme);
- if(p && (p->protocol != data->info.conn_protocol)) {
- infof(data, "Clear auth, redirects scheme from %s to %s",
- data->info.conn_scheme, scheme);
- clear = TRUE;
- }
- free(scheme);
- }
- if(clear) {
- Curl_safefree(data->state.aptr.user);
- Curl_safefree(data->state.aptr.passwd);
- }
- }
}
if(type == FOLLOW_FAKE) {
diff --git a/lib/url.c b/lib/url.c
index b93a921ed7e8d8c2ada54f39f9e217fec578293a..8a2845dddd87e00d9aaa4237324fd836ed977acb 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -784,7 +784,6 @@ static void conn_free(struct connectdata *conn)
Curl_safefree(conn->passwd);
Curl_safefree(conn->sasl_authzid);
Curl_safefree(conn->options);
- Curl_safefree(conn->oauth_bearer);
Curl_dyn_free(&conn->trailer);
Curl_safefree(conn->host.rawalloc); /* host name buffer */
Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */
@@ -1333,9 +1332,7 @@ ConnectionExists(struct Curl_easy *data,
/* This protocol requires credentials per connection,
so verify that we're using the same name and password as well */
if(strcmp(needle->user, check->user) ||
- strcmp(needle->passwd, check->passwd) ||
- !Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) ||
- !Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) {
+ strcmp(needle->passwd, check->passwd)) {
/* one of them was different */
continue;
}
@@ -3595,14 +3592,6 @@ static CURLcode create_conn(struct Curl_easy *data,
}
}
- if(data->set.str[STRING_BEARER]) {
- conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
- if(!conn->oauth_bearer) {
- result = CURLE_OUT_OF_MEMORY;
- goto out;
- }
- }
-
#ifdef USE_UNIX_SOCKETS
if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
diff --git a/lib/urldata.h b/lib/urldata.h
index ffbe56993ecf23e6e35383d9c756efddb00d1a38..1d9911208825c2a1aa83715199099396e5119059 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -979,7 +979,6 @@ struct connectdata {
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
char *sasl_authzid; /* authorisation identity string, allocated */
- char *oauth_bearer; /* OAUTH2 bearer, allocated */
unsigned char httpversion; /* the HTTP version*10 reported by the server */
struct curltime now; /* "current" time */
struct curltime created; /* creation time */
@@ -1324,16 +1323,14 @@ struct UrlState {
char *ulbuf; /* allocated upload buffer or NULL */
curl_off_t current_speed; /* the ProgressShow() function sets this,
bytes / second */
-
- /* host name, port number and protocol of the first (not followed) request.
- if set, this should be the host name that we will sent authorization to,
- no else. Used to make Location: following not keep sending user+password.
- This is strdup()ed data. */
- char *first_host;
- int first_remote_port;
- unsigned int first_remote_protocol;
-
+ char *first_host; /* host name of the first (not followed) request.
+ if set, this should be the host name that we will
+ sent authorization to, no else. Used to make Location:
+ following not keep sending user+password... This is
+ strdup() data.
+ */
int retrycount; /* number of retries on a new connection */
+ int first_remote_port; /* remote port of the first (not followed) request */
struct Curl_ssl_session *session; /* array of 'max_ssl_sessions' size */
long sessionage; /* number of the most recent session */
struct tempbuf tempwrite[3]; /* BOTH, HEADER, BODY */
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 4c24348c22058fcb83326b6469afc58b9e1d5e89..e5bbe1f5f095f4e96cb4fac57b26b34a3740f9e0 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -125,6 +125,15 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second)
return !memcmp(first->data, second->data, first->len); /* same data */
}
+static bool safecmp(char *a, char *b)
+{
+ if(a && b)
+ return !strcmp(a, b);
+ else if(!a && !b)
+ return TRUE; /* match */
+ return FALSE; /* no match */
+}
+
bool
Curl_ssl_config_matches(struct ssl_primary_config *data,
@@ -138,12 +147,12 @@ Curl_ssl_config_matches(struct ssl_primary_config *data,
blobcmp(data->cert_blob, needle->cert_blob) &&
blobcmp(data->ca_info_blob, needle->ca_info_blob) &&
blobcmp(data->issuercert_blob, needle->issuercert_blob) &&
- Curl_safecmp(data->CApath, needle->CApath) &&
- Curl_safecmp(data->CAfile, needle->CAfile) &&
- Curl_safecmp(data->issuercert, needle->issuercert) &&
- Curl_safecmp(data->clientcert, needle->clientcert) &&
- Curl_safecmp(data->random_file, needle->random_file) &&
- Curl_safecmp(data->egdsocket, needle->egdsocket) &&
+ safecmp(data->CApath, needle->CApath) &&
+ safecmp(data->CAfile, needle->CAfile) &&
+ safecmp(data->issuercert, needle->issuercert) &&
+ safecmp(data->clientcert, needle->clientcert) &&
+ safecmp(data->random_file, needle->random_file) &&
+ safecmp(data->egdsocket, needle->egdsocket) &&
Curl_safe_strcasecompare(data->cipher_list, needle->cipher_list) &&
Curl_safe_strcasecompare(data->cipher_list13, needle->cipher_list13) &&
Curl_safe_strcasecompare(data->curves, needle->curves) &&
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 55a752887f551d14ddccaf62f3eeb46b3796af42..c524b993e6890c0b4953e5e20d27b52b0442cd22 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -106,7 +106,7 @@ test854 test855 test856 test857 test858 test859 test860 test861 test862 \
test863 test864 test865 test866 test867 test868 test869 test870 test871 \
test872 test873 test874 test875 test876 test877 test878 test879 test880 \
test881 test882 test883 test884 test885 test886 test887 test888 test889 \
-test890 test891 test892 test893 test894 test895 test896 test897 test898 \
+test890 test891 test892 test893 test894 test895 test896 \
\
test900 test901 test902 test903 test904 test905 test906 test907 test908 \
test909 test910 test911 test912 test913 test914 test915 test916 test917 \
@@ -116,7 +116,7 @@ test936 test937 test938 test939 test940 test941 test942 test943 test944 \
test945 test946 test947 test948 test949 test950 test951 test952 test953 \
test954 test955 test956 test957 test958 test959 test960 test961 test962 \
test963 test964 test965 test966 test967 test968 test969 test970 test971 \
-test972 test973 test974 test975 test976 \
+test972 \
\
test980 test981 test982 test983 test984 test985 test986 \
\
diff --git a/tests/data/test898 b/tests/data/test898
deleted file mode 100644
index 314fc83b8bfc510980ad9144520c3e577b910523..0000000000000000000000000000000000000000
--- a/tests/data/test898
+++ /dev/null
@@ -1,90 +0,0 @@
-
-
-
-HTTP
---location
-Authorization
-Cookie
-
-
-
-#
-# Server-side
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-
-
-
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 4
-Connection: close
-Content-Type: text/html
-
-hey
-
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 4
-Connection: close
-Content-Type: text/html
-
-hey
-
-
-
-
-#
-# Client-side
-
-
-http
-
-
-HTTP with custom auth and cookies redirected to HTTP on a diff port
-
-
--x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -H "Authorization: Basic am9lOnNlY3JldA==" -H "Cookie: userpwd=am9lOnNlY3JldA=="
-
-
-
-#
-# Verify data after the test has been "shot"
-
-
-GET http://firsthost.com/ HTTP/1.1
-Host: firsthost.com
-User-Agent: curl/%VERSION
-Accept: */*
-Proxy-Connection: Keep-Alive
-Authorization: Basic am9lOnNlY3JldA==
-Cookie: userpwd=am9lOnNlY3JldA==
-
-GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
-Host: firsthost.com:9999
-User-Agent: curl/%VERSION
-Accept: */*
-Proxy-Connection: Keep-Alive
-
-
-
-
diff --git a/tests/data/test973 b/tests/data/test973
deleted file mode 100644
index 219fc37b15b14000468ccdba798e2ac4958b1fcd..0000000000000000000000000000000000000000
--- a/tests/data/test973
+++ /dev/null
@@ -1,88 +0,0 @@
-
-
-
-HTTP
-FTP
---location
-
-
-
-#
-# Server-side
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-
-
-
-data
- to
- see
-that FTP
-works
- so does it?
-
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-
-data
- to
- see
-that FTP
-works
- so does it?
-
-
-
-
-#
-# Client-side
-
-
-http
-ftp
-
-
-HTTP with auth redirected to FTP w/o auth
-
-
-http://%HOSTIP:%HTTPPORT/%TESTNUMBER -L -u joe:secret
-
-
-
-#
-# Verify data after the test has been "shot"
-
-
-GET /%TESTNUMBER HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-Authorization: Basic am9lOnNlY3JldA==
-User-Agent: curl/%VERSION
-Accept: */*
-
-USER anonymous
-PASS ftp@example.com
-PWD
-CWD a
-CWD path
-EPSV
-TYPE I
-SIZE %TESTNUMBER0002
-RETR %TESTNUMBER0002
-QUIT
-
-
-
diff --git a/tests/data/test974 b/tests/data/test974
deleted file mode 100644
index 5630c42fe91c09cc40bf451e8d6a77f3d25c7281..0000000000000000000000000000000000000000
--- a/tests/data/test974
+++ /dev/null
@@ -1,87 +0,0 @@
-
-
-
-HTTP
---location
-
-
-
-#
-# Server-side
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-
-
-
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 4
-Connection: close
-Content-Type: text/html
-
-hey
-
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 4
-Connection: close
-Content-Type: text/html
-
-hey
-
-
-
-
-#
-# Client-side
-
-
-http
-
-
-HTTP with auth redirected to HTTP on a diff port w/o auth
-
-
--x http://%HOSTIP:%HTTPPORT http://firsthost.com -L -u joe:secret
-
-
-
-#
-# Verify data after the test has been "shot"
-
-
-GET http://firsthost.com/ HTTP/1.1
-Host: firsthost.com
-Authorization: Basic am9lOnNlY3JldA==
-User-Agent: curl/%VERSION
-Accept: */*
-Proxy-Connection: Keep-Alive
-
-GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
-Host: firsthost.com:9999
-User-Agent: curl/%VERSION
-Accept: */*
-Proxy-Connection: Keep-Alive
-
-
-
-
diff --git a/tests/data/test975 b/tests/data/test975
deleted file mode 100644
index 53ca03126e98c2557f13aa2527c0017259a65a6a..0000000000000000000000000000000000000000
--- a/tests/data/test975
+++ /dev/null
@@ -1,88 +0,0 @@
-
-
-
-HTTP
-FTP
---location-trusted
-
-
-
-#
-# Server-side
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-
-
-
-data
- to
- see
-that FTP
-works
- so does it?
-
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: ftp://%HOSTIP:%FTPPORT/a/path/%TESTNUMBER0002
-
-data
- to
- see
-that FTP
-works
- so does it?
-
-
-
-
-#
-# Client-side
-
-
-http
-ftp
-
-
-HTTP with auth redirected to FTP allowing auth to continue
-
-
-http://%HOSTIP:%HTTPPORT/%TESTNUMBER --location-trusted -u joe:secret
-
-
-
-#
-# Verify data after the test has been "shot"
-
-
-GET /%TESTNUMBER HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-Authorization: Basic am9lOnNlY3JldA==
-User-Agent: curl/%VERSION
-Accept: */*
-
-USER joe
-PASS secret
-PWD
-CWD a
-CWD path
-EPSV
-TYPE I
-SIZE %TESTNUMBER0002
-RETR %TESTNUMBER0002
-QUIT
-
-
-
diff --git a/tests/data/test976 b/tests/data/test976
deleted file mode 100644
index 77b4b88fb795f37dcb1fda31236f1cda9199d64b..0000000000000000000000000000000000000000
--- a/tests/data/test976
+++ /dev/null
@@ -1,88 +0,0 @@
-
-
-
-HTTP
---location-trusted
-
-
-
-#
-# Server-side
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-
-
-
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 4
-Connection: close
-Content-Type: text/html
-
-hey
-
-
-
-HTTP/1.1 301 redirect
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 0
-Connection: close
-Content-Type: text/html
-Location: http://firsthost.com:9999/a/path/%TESTNUMBER0002
-
-HTTP/1.1 200 OK
-Date: Tue, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake
-Content-Length: 4
-Connection: close
-Content-Type: text/html
-
-hey
-
-
-
-
-#
-# Client-side
-
-
-http
-
-
-HTTP with auth redirected to HTTP on a diff port --location-trusted
-
-
--x http://%HOSTIP:%HTTPPORT http://firsthost.com --location-trusted -u joe:secret
-
-
-
-#
-# Verify data after the test has been "shot"
-
-
-GET http://firsthost.com/ HTTP/1.1
-Host: firsthost.com
-Authorization: Basic am9lOnNlY3JldA==
-User-Agent: curl/%VERSION
-Accept: */*
-Proxy-Connection: Keep-Alive
-
-GET http://firsthost.com:9999/a/path/%TESTNUMBER0002 HTTP/1.1
-Host: firsthost.com:9999
-Authorization: Basic am9lOnNlY3JldA==
-User-Agent: curl/%VERSION
-Accept: */*
-Proxy-Connection: Keep-Alive
-
-
-
-