22534. r=gagan. We were leaking a single byte on non uname/pwd inclusive url's that required authentication, and we weren't over-writing the auth string when a auth realm wanted new credentials.

git-svn-id: svn://10.0.0.236/trunk@56610 18797224-902f-48f8-a5cc-f745e15eee43
1999-12-29 21:55:18 +00:00 · 1999-12-29 21:55:18 +00:00 · ddfd75d649
commit ddfd75d649
parent 9056c4e3a6
2 changed files with 10 additions and 5 deletions
--- a/mozilla/netwerk/protocol/http/src/nsHTTPChannel.cpp
+++ b/mozilla/netwerk/protocol/http/src/nsHTTPChannel.cpp
@ -1425,8 +1425,10 @@ nsHTTPChannel::Authenticate(const char *iChallenge,
        
        if (NS_SUCCEEDED(rv = mURI->GetPreHost(getter_Copies(prehost))))
        {
-            if (!(newUserPass = nsCRT::strdup(prehost)))
-                return NS_ERROR_OUT_OF_MEMORY;
+            if ((const char*)prehost) {
+                if (!(newUserPass = nsCRT::strdup(prehost)))
+                    return NS_ERROR_OUT_OF_MEMORY;
+            }
        }
    }

@ -1489,8 +1491,10 @@ nsHTTPChannel::Authenticate(const char *iChallenge,
        if (retval)
        {
            nsAutoString temp(user);
-            temp += ':';
-            temp += passwd;
+            if (passwd) {
+                temp += ':';
+                temp += passwd;
+            }
            CRTFREEIF(newUserPass);
            newUserPass = temp.ToNewCString();
        }
--- a/mozilla/netwerk/protocol/http/src/nsHTTPHeaderArray.cpp
+++ b/mozilla/netwerk/protocol/http/src/nsHTTPHeaderArray.cpp
@ -241,7 +241,8 @@ PRBool nsHTTPHeaderArray::IsHeaderMultiple(nsIAtom* aHeader)
      (nsHTTPAtoms::If_Unmodified_Since == aHeader) ||
      (nsHTTPAtoms::Max_Forwards        == aHeader) ||
      (nsHTTPAtoms::Referer             == aHeader) ||
-      (nsHTTPAtoms::User_Agent          == aHeader)) {
+      (nsHTTPAtoms::User_Agent          == aHeader) ||
+      (nsHTTPAtoms::Authorization       == aHeader)) {
    bIsMultiple = PR_FALSE;
  } else {
    bIsMultiple = PR_TRUE;