sasl: clear canceled mechanism instead of toggling it

author Joshua Rogers <MegaManSec@users.noreply.github.com>

Tue, 16 Sep 2025 18:27:23 +0000 (23:27 +0500)

committer Daniel Stenberg <daniel@haxx.se>

Thu, 18 Sep 2025 15:27:29 +0000 (17:27 +0200)
author Joshua Rogers <MegaManSec@users.noreply.github.com>
Tue, 16 Sep 2025 18:27:23 +0000 (23:27 +0500)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 18 Sep 2025 15:27:29 +0000 (17:27 +0200)
diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c

index 8eb63fb949543c656f1434acf1e158eec99e0f30..9c86f3ea086e30b66ff1208170d6d0f962a19aa8 100644 (file)
--- a/lib/curl_sasl.c
+++ b/lib/curl_sasl.c
@@ -812,7 +812,9 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
  
    case SASL_CANCEL:
      /* Remove the offending mechanism from the supported list */
-    sasl->authmechs ^= sasl->authused;
+    sasl->authmechs &= (unsigned short)~sasl->authused;
+    sasl->authused = SASL_AUTH_NONE;
+    sasl->curmech = NULL;
  
      /* Start an alternative SASL authentication */
      return Curl_sasl_start(sasl, data, sasl->force_ir, progress);
author	Joshua Rogers <MegaManSec@users.noreply.github.com>
	Tue, 16 Sep 2025 18:27:23 +0000 (23:27 +0500)
committer	Daniel Stenberg <daniel@haxx.se>
	Thu, 18 Sep 2025 15:27:29 +0000 (17:27 +0200)