author | yiteng.zhang@oracle.com <yiteng.zhang@oracle.com> |
Wed, 27 Jan 2016 20:55:37 -0800 | |
changeset 5356 | 94c0413a88fc |
permissions | -rw-r--r-- |
5356
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
1 |
CVE-2016-0755: libcurl will reuse NTLM-authenticated proxy connections without |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
2 |
properly making sure that the connection was authenticated with the same |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
3 |
credentials as set for this transfer. |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
4 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
5 |
CVE webpage for this problem: |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
6 |
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0755 |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
7 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
8 |
Relevant upstream patch: |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
9 |
http://curl.haxx.se/CVE-2016-0755.patch |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
10 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
11 |
--- lib/url.c.orig |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
12 |
+++ lib/url.c |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
13 |
@@ -3126,15 +3126,20 @@ ConnectionExists(struct SessionHandle *data, |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
14 |
{ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
15 |
struct connectdata *check; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
16 |
struct connectdata *chosen = 0; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
17 |
bool canPipeline = IsPipeliningPossible(data, needle); |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
18 |
+ struct connectbundle *bundle; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
19 |
+ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
20 |
#ifdef USE_NTLM |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
21 |
- bool wantNTLMhttp = ((data->state.authhost.want & CURLAUTH_NTLM) || |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
22 |
- (data->state.authhost.want & CURLAUTH_NTLM_WB)) && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
23 |
- (needle->handler->protocol & PROTO_FAMILY_HTTP) ? TRUE : FALSE; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
24 |
+ bool wantNTLMhttp = ((data->state.authhost.want & |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
25 |
+ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
26 |
+ (needle->handler->protocol & PROTO_FAMILY_HTTP)); |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
27 |
+ bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
28 |
+ ((data->state.authproxy.want & |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
29 |
+ (CURLAUTH_NTLM | CURLAUTH_NTLM_WB)) && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
30 |
+ (needle->handler->protocol & PROTO_FAMILY_HTTP))); |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
31 |
#endif |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
32 |
- struct connectbundle *bundle; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
33 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
34 |
*force_reuse = FALSE; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
35 |
*waitpipe = FALSE; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
36 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
37 |
/* We can't pipe if the site is blacklisted */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
38 |
@@ -3186,13 +3191,10 @@ ConnectionExists(struct SessionHandle *data, |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
39 |
} |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
40 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
41 |
curr = bundle->conn_list->head; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
42 |
while(curr) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
43 |
bool match = FALSE; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
44 |
-#if defined(USE_NTLM) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
45 |
- bool credentialsMatch = FALSE; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
46 |
-#endif |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
47 |
size_t pipeLen; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
48 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
49 |
/* |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
50 |
* Note that if we use a HTTP proxy, we check connections to that |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
51 |
* proxy and not to the actual remote server. |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
52 |
@@ -3298,25 +3300,18 @@ ConnectionExists(struct SessionHandle *data, |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
53 |
!needle->localdev || |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
54 |
strcmp(check->localdev, needle->localdev)) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
55 |
continue; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
56 |
} |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
57 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
58 |
- if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
59 |
-#ifdef USE_NTLM |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
60 |
- || (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
61 |
-#endif |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
62 |
- ) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
63 |
- /* This protocol requires credentials per connection or is HTTP+NTLM, |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
64 |
+ if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
65 |
+ /* This protocol requires credentials per connection, |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
66 |
so verify that we're using the same name and password as well */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
67 |
if(!strequal(needle->user, check->user) || |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
68 |
!strequal(needle->passwd, check->passwd)) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
69 |
/* one of them was different */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
70 |
continue; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
71 |
} |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
72 |
-#if defined(USE_NTLM) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
73 |
- credentialsMatch = TRUE; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
74 |
-#endif |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
75 |
} |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
76 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
77 |
if(!needle->bits.httpproxy || needle->handler->flags&PROTOPT_SSL || |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
78 |
(needle->bits.httpproxy && check->bits.httpproxy && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
79 |
needle->bits.tunnel_proxy && check->bits.tunnel_proxy && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
80 |
@@ -3372,24 +3367,47 @@ ConnectionExists(struct SessionHandle *data, |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
81 |
already authenticating with the right credentials. If not, keep |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
82 |
looking so that we can reuse NTLM connections if |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
83 |
possible. (Especially we must not reuse the same connection if |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
84 |
partway through a handshake!) */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
85 |
if(wantNTLMhttp) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
86 |
- if(credentialsMatch && check->ntlm.state != NTLMSTATE_NONE) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
87 |
- chosen = check; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
88 |
+ if(!strequal(needle->user, check->user) || |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
89 |
+ !strequal(needle->passwd, check->passwd)) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
90 |
+ continue; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
91 |
+ } |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
92 |
+ else if(check->ntlm.state != NTLMSTATE_NONE) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
93 |
+ /* Connection is using NTLM auth but we don't want NTLM */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
94 |
+ continue; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
95 |
+ } |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
96 |
+ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
97 |
+ /* Same for Proxy NTLM authentication */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
98 |
+ if(wantProxyNTLMhttp) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
99 |
+ if(!strequal(needle->proxyuser, check->proxyuser) || |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
100 |
+ !strequal(needle->proxypasswd, check->proxypasswd)) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
101 |
+ continue; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
102 |
+ } |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
103 |
+ else if(check->proxyntlm.state != NTLMSTATE_NONE) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
104 |
+ /* Proxy connection is using NTLM auth but we don't want NTLM */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
105 |
+ continue; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
106 |
+ } |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
107 |
+ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
108 |
+ if(wantNTLMhttp || wantProxyNTLMhttp) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
109 |
+ /* Credentials are already checked, we can use this connection */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
110 |
+ chosen = check; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
111 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
112 |
+ if((wantNTLMhttp && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
113 |
+ (check->ntlm.state != NTLMSTATE_NONE)) || |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
114 |
+ (wantProxyNTLMhttp && |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
115 |
+ (check->proxyntlm.state != NTLMSTATE_NONE))) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
116 |
/* We must use this connection, no other */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
117 |
*force_reuse = TRUE; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
118 |
break; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
119 |
} |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
120 |
- else if(credentialsMatch) |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
121 |
- /* this is a backup choice */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
122 |
- chosen = check; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
123 |
+ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
124 |
+ /* Continue look up for a better connection */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
125 |
continue; |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
126 |
} |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
127 |
#endif |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
128 |
- |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
129 |
if(canPipeline) { |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
130 |
/* We can pipeline if we want to. Let's continue looking for |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
131 |
the optimal connection to use, i.e the shortest pipe that is not |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
132 |
blacklisted. */ |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
133 |
|
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
134 |
-- |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
135 |
2.7.0.rc3 |
94c0413a88fc
22599190 problem in LIBRARY/CURL
yiteng.zhang@oracle.com <yiteng.zhang@oracle.com>
parents:
diff
changeset
|
136 |