http: consume body on proxy auth failure

We must always consume the full parser body if we're going to
keep-alive.  So in the authentication failure case, continue advancing
the http message parser until it's complete, then we can retry the
connection.

Not doing so would mean that we have to tear the connection down and
start over.  Advancing through fully (even though we don't use the data)
will ensure that we can retry a connection with keep-alive.

1 files changed, 9 insertions, 4 deletions

diff --git a/src/transports/http.c b/src/transports/http.c
index bb4a6ebc2..eb5c35284 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -826,6 +826,7 @@ static int proxy_connect(
 	static http_parser_settings proxy_parser_settings = {0};
 	size_t bytes_read = 0, bytes_parsed;
 	parser_context ctx;
+	bool auth_replay;
 	int error;
 
 	/* Use the parser settings only to parser headers. */
@@ -837,6 +838,8 @@ static int proxy_connect(
 replay:
 	clear_parser_state(t);
 
+	auth_replay = false;
+
 	gitno_buffer_setup_fromstream(proxy_stream,
 		&t->parse_buffer,
 		t->parse_buffer_data,
@@ -884,10 +887,9 @@ replay:
 		}
 
 		/* Replay the request with authentication headers. */
-		if (PARSE_ERROR_REPLAY == t->parse_error)
-			goto replay;
-
-		if (t->parse_error < 0) {
+		if (PARSE_ERROR_REPLAY == t->parse_error) {
+			auth_replay = true;
+		} else if (t->parse_error < 0) {
 			error = t->parse_error == PARSE_ERROR_EXT ? PARSE_ERROR_EXT : -1;
 			goto done;
 		}
@@ -901,6 +903,9 @@ replay:
 		}
 	}
 
+	if (auth_replay)
+		goto replay;
+
 	if ((error = git_tls_stream_wrap(out, proxy_stream, t->server.url.host)) == 0)
 		error = stream_connect(*out, &t->server.url,
 		    t->owner->certificate_check_cb,