On Wed, 30 Oct 2013, Steve Holme wrote: > I will investigate this a little later and post my feedback. If we > could hang fire on pushing any fixes I would apprecaite it.
Here is my take on a fix - it attempts to extract the authentication header value, using copy_header_value() which it then passes onto Curl_http_input_auth(). This means that Curl_http_input_auth() doesn't have to then try and skip over the header key, as it currently does, but it also strips off the CRLF before Curl_base64_decode() is called (similar in principle to what I do in the email protocols) and thus keeping the job of Curl_base64_decode() to that of decoding a base64 encoded string and not having to worry about protocol layer characters. The reason for using copy_header_value() is that it not only extracts the value but copies it to a new string rather than placing an inline 0x00 terminator into the header line directly (which is currently what I do in the email protocols - I little dangerous I know but I also know the buffer isn't going to used again elsewhere in these protocols - and because of my limited understanding of our HTTP implementation I can't be sure of that). As I don't currently run the test suite locally nor have access to a HTTP server using HTTP Authentication would someone be so kind to test the enclosed patch? Many thanks in advance Kind Regards Steve
0001-http-Added-authentication-message-header-value-extra.patch
Description: Binary data
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
