diff options
| author | Harry Sintonen <sintonen@iki.fi> | 2021-05-03 00:04:39 +0300 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2021-05-03 16:35:14 +0200 |
| commit | b75620b9a05c0f0d03bd86e136ea5c8b8f1fecf2 (patch) | |
| tree | 8caae24ec2a1070f1f34dde3d5664f1e9b5c56b4 | |
| parent | 8b9de77cd25a4c07bdeec8c7ef8a6c7911ac98f7 (diff) | |
| download | curl-b75620b9a05c0f0d03bd86e136ea5c8b8f1fecf2.tar.gz | |
Curl_http_input_auth: require valid separator after negotiation type
Closes #6993
| -rw-r--r-- | lib/http.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/http.c b/lib/http.c index e59ee6c2d..1f5ca37b2 100644 --- a/lib/http.c +++ b/lib/http.c @@ -897,6 +897,11 @@ Curl_http_output_auth(struct Curl_easy *data, * proxy CONNECT loop. */ +static int is_valid_auth_separator(char ch) +{ + return ch == '\0' || ch == ',' || ISSPACE(ch); +} + CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, const char *auth) /* the first non-space */ { @@ -940,7 +945,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, while(*auth) { #ifdef USE_SPNEGO - if(checkprefix("Negotiate", auth)) { + if(checkprefix("Negotiate", auth) && is_valid_auth_separator(auth[9])) { if((authp->avail & CURLAUTH_NEGOTIATE) || Curl_auth_is_spnego_supported()) { *availp |= CURLAUTH_NEGOTIATE; @@ -966,7 +971,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, #endif #ifdef USE_NTLM /* NTLM support requires the SSL crypto libs */ - if(checkprefix("NTLM", auth)) { + if(checkprefix("NTLM", auth) && is_valid_auth_separator(auth[4])) { if((authp->avail & CURLAUTH_NTLM) || (authp->avail & CURLAUTH_NTLM_WB) || Curl_auth_is_ntlm_supported()) { @@ -1004,7 +1009,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, else #endif #ifndef CURL_DISABLE_CRYPTO_AUTH - if(checkprefix("Digest", auth)) { + if(checkprefix("Digest", auth) && is_valid_auth_separator(auth[6])) { if((authp->avail & CURLAUTH_DIGEST) != 0) infof(data, "Ignoring duplicate digest auth header.\n"); else if(Curl_auth_is_digest_supported()) { @@ -1026,7 +1031,8 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, } else #endif - if(checkprefix("Basic", auth)) { + if(checkprefix("Basic", auth) && + is_valid_auth_separator(auth[5])) { *availp |= CURLAUTH_BASIC; authp->avail |= CURLAUTH_BASIC; if(authp->picked == CURLAUTH_BASIC) { @@ -1039,7 +1045,8 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, } } else - if(checkprefix("Bearer", auth)) { + if(checkprefix("Bearer", auth) && + is_valid_auth_separator(auth[6])) { *availp |= CURLAUTH_BEARER; authp->avail |= CURLAUTH_BEARER; if(authp->picked == CURLAUTH_BEARER) { |