http: clear digest nonce on cross-orgin redirect
authorDaniel Stenberg <daniel@haxx.se>
Fri, 17 Apr 2026 14:25:26 +0000 (16:25 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 17 Apr 2026 20:16:08 +0000 (22:16 +0200)
Verify in test 1966

Reported-by: Yalguun Tumenkhuu
Closes #21359

lib/http.c
tests/data/Makefile.am
tests/data/test1966 [new file with mode: 0644]

index 0506d6a43e566553d86112c8f4397db3a15da00d..9118c7e716acc1a9f38620db2eb00dc58aad305d 100644 (file)
@@ -1245,6 +1245,11 @@ CURLcode Curl_http_follow(struct Curl_easy *data, const char *newurl,
     same_origin = Curl_url_same_origin(u, data->state.uh);
     curl_url_cleanup(u);
 
+#ifndef CURL_DISABLE_DIGEST_AUTH
+    if(!same_origin)
+      Curl_auth_digest_cleanup(&data->state.digest);
+#endif
+
     if((!same_origin && !data->set.allow_auth_to_other_hosts) ||
        !data->set.str[STRING_USERNAME]) {
       result = Curl_reset_userpwd(data);
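Review bot: The new cleanup block ahead of the `same_origin` credential check carries no comment explaining why the digest state is dropped, and its condition deliberately differs from the one right after it — it fires on every cross-origin redirect, even when `allow_auth_to_other_hosts` lets the username and password survive. That is presumably intended, since the realm and nonce held in `data->state.digest` were issued by the old origin and reusing them to build an `Authorization: Digest` header for the new one is exactly what test 1966 rejects, but a reader will wonder whether the second condition was meant to apply here too. I would add above the `#ifndef`: `/* the Digest challenge (realm, nonce, ...) was issued by the old origin; never carry it over to the new one, independently of allow_auth_to_other_hosts which only governs the credentials */`. Curl_http_follow begins before this hunk, so the lifetime of `same_origin` is not visible here.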
index 15724a4b538e803a3f7090aa9b743b9f31934048..2c25c0b1d24c0a9acee6cc054558f33530aa2979 100644 (file)
@@ -239,6 +239,7 @@ test1916 test1917 test1918 test1919 test1920 \
 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test1940 \
 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
 test1955 test1956 test1957 test1958 test1959 test1960 test1964 test1965 \
+test1966 \
 \
 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 \
 test1978 test1979 test1980 test1981 test1982 test1983 test1984 \
diff --git a/tests/data/test1966 b/tests/data/test1966
new file mode 100644 (file)
index 0000000..49270d0
--- /dev/null
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP Digest auth
+</keywords>
+</info>
+# Server-side
+<reply>
+<data crlf="headers">
+HTTP/1.1 401 Authorization Required
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Basic realm="foothis"
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604199"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+This is not the real page
+</data>
+
+# Post-redirect
+<data2 crlf="headers">
+HTTP/1.1 200 OK
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page!
+</data2>
+
+# This is supposed to be returned when the server gets a
+# Authorization: Digest line passed-in from the client
+<data1000 crlf="headers">
+HTTP/1.1 301 Redirect
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 3
+Location: http://host.corp.com:%HTTPPORT/%TESTNUMBER0002
+
+go
+</data1000>
+
+<datacheck crlf="headers">
+HTTP/1.1 401 Authorization Required
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+WWW-Authenticate: Basic realm="foothis"
+WWW-Authenticate: Digest realm="testrealm", nonce="1053604199"
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 26
+
+HTTP/1.1 301 Redirect
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 3
+Location: http://host.corp.com:%HTTPPORT/%TESTNUMBER0002
+
+HTTP/1.1 200 OK
+Server: Apache/1.3.27 (Darwin) PHP/4.1.2
+Content-Type: text/html; charset=iso-8859-1
+Content-Length: 23
+
+This IS the real page!
+</datacheck>
+
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+<features>
+!SSPI
+crypto
+digest
+</features>
+<name>
+netrc with digest and redirect to other origin
+</name>
+<command>
+--resolve host.evil.com:%HTTPPORT:%HOSTIP --resolve host.corp.com:%HTTPPORT:%HOSTIP --netrc-file %LOGDIR/netrc%TESTNUMBER --digest -L http://host.evil.com:%HTTPPORT/%TESTNUMBER --max-redirs 2
+</command>
+<file name="%LOGDIR/netrc%TESTNUMBER">
+machine host.evil.com
+  login evil_user
+  password evil_pass
+
+machine host.corp.com
+  login corporate_admin
+  password S3cretP@ssw0rd!
+</file>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="headers">
+GET /%TESTNUMBER HTTP/1.1
+Host: host.evil.com:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+GET /%TESTNUMBER HTTP/1.1
+Host: host.evil.com:%HTTPPORT
+Authorization: Digest username="evil_user", realm="testrealm", nonce="1053604199", uri="/%TESTNUMBER", response="4ccc7695a6a926b01dcba93a34d2d737"
+User-Agent: curl/%VERSION
+Accept: */*
+
+GET /%TESTNUMBER0002 HTTP/1.1
+Host: host.corp.com:%HTTPPORT
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
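Review bot: The `<verify>` section does not state what the third request is checked for, so the absence of an `Authorization:` line on the `host.corp.com` request reads like an omission rather than the assertion itself. A comment ahead of the `<protocol>` block, `# the request to host.corp.com must carry no Authorization header: the Digest challenge came from host.evil.com and must not be combined with the netrc credentials for host.corp.com`, would keep the intent intact through a future edit of the protocol block. The `<name>` likewise describes the setup rather than the expected outcome; `netrc with digest: no stale Digest auth after redirect to other origin` would say what is being verified.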