http: fix the check for 'Authorization' with Bearer

The code would wrongly check for it using an additional colon.

Reported-by: Blake Burkhart
Closes #6988

diff --git a/lib/http.c b/lib/http.c
index 3cb21760dd8301ff90ae5f2352348f0f9ae6d43c..e59ee6c2d31fd2ac7b43f16555c0b209aa7d93a2 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -740,7 +740,7 @@ output_auth_headers(struct Curl_easy *data,
   if(authstatus->picked == CURLAUTH_BEARER) {
     /* Bearer */
     if((!proxy && data->set.str[STRING_BEARER] &&
-        !Curl_checkheaders(data, "Authorization:"))) {
+        !Curl_checkheaders(data, "Authorization"))) {
       auth = "Bearer";
       result = http_output_bearer(data);
       if(result)

diff --git a/lib/transfer.c b/lib/transfer.c
index c31e22e00caddf0138373f49818181dd39fae7b0..3ed321dd49466b6edeb76721a60eaa8ad0c820ba 100644 (file)
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -99,6 +99,8 @@ char *Curl_checkheaders(const struct Curl_easy *data,
 {
   struct curl_slist *head;
   size_t thislen = strlen(thisheader);
+  DEBUGASSERT(thislen);
+  DEBUGASSERT(thisheader[thislen-1] != ':');
 
   for(head = data->set.headers; head; head = head->next) {
     if(strncasecompare(head->data, thisheader, thislen) &&