From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 27 May 2021 08:19:50 +0000 (+0200)
Subject: c-hyper: clear NTLM auth buffer when request is issued
X-Git-Tag: curl-7_78_0~253
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=23b99fc94c5a872760c4177ee15b5e394a38e280;p=thirdparty%2Fcurl.git

c-hyper: clear NTLM auth buffer when request is issued

To prevent previous ones to get reused on subsequent requests. Matches
how the built-in HTTP code works. Makes test 90 to 93 work.

Add test 90 to 93 in travis.

Closes #7139
---

diff --git a/.travis.yml b/.travis.yml
index 07d6be5484..0b4b4e4307 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -116,7 +116,7 @@ jobs:
         - libbrotli-dev
         - libzstd-dev
   - env:
-    - T=debug HYPER="yes" C="--with-hyper=$HOME/hyper --with-openssl" LD_LIBRARY_PATH=$HOME/hyper/target/debug:/usr/local/lib TFLAGS="1 to 89"
+    - T=debug HYPER="yes" C="--with-hyper=$HOME/hyper --with-openssl" LD_LIBRARY_PATH=$HOME/hyper/target/debug:/usr/local/lib TFLAGS="1 to 93"
     addons:
       apt:
         <<: *common_apt
diff --git a/lib/c-hyper.c b/lib/c-hyper.c
index 5908f6e1f7..b6654f5c28 100644
--- a/lib/c-hyper.c
+++ b/lib/c-hyper.c
@@ -881,6 +881,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
   }
   conn->datastream = Curl_hyper_stream;
 
+  /* clear userpwd and proxyuserpwd to avoid re-using old credentials
+   * from re-used connections */
+  Curl_safefree(data->state.aptr.userpwd);
+  Curl_safefree(data->state.aptr.proxyuserpwd);
   return CURLE_OK;
   error: