Don't reuse credentials if redirected to a different host.

Submitted by: Niels Heinen <heinenn@google.com> MFC after: 3 weeks
author: des <des@FreeBSD.org> 2012-04-30 12:12:48 +0000
committer: des <des@FreeBSD.org> 2012-04-30 12:12:48 +0000
commit: ad64077869a527becbbbfbd77ec33f4246f66797 (patch)
tree: 003f6d8832f6b3250cff1e865714b8cc0bea5b1e /lib/libfetch
parent: 34d79578aeedbc39d45d249d6c26209e9cd105c2 (diff)
download: FreeBSD-src-ad64077869a527becbbbfbd77ec33f4246f66797.zip
FreeBSD-src-ad64077869a527becbbbfbd77ec33f4246f66797.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index 557ff26..f6e063a 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -1779,7 +1779,9 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 					DEBUG(fprintf(stderr, "failed to parse new URL\n"));
 					goto ouch;
 				}
-				if (!*new->user && !*new->pwd) {
+
+				/* Only copy credentials if the host matches */
+				if (!strcmp(new->host, url->host) && !*new->user && !*new->pwd) {
 					strcpy(new->user, url->user);
 					strcpy(new->pwd, url->pwd);
 				}
author	des <des@FreeBSD.org>	2012-04-30 12:12:48 +0000
committer	des <des@FreeBSD.org>	2012-04-30 12:12:48 +0000
commit	ad64077869a527becbbbfbd77ec33f4246f66797 (patch)
tree	003f6d8832f6b3250cff1e865714b8cc0bea5b1e /lib/libfetch
parent	34d79578aeedbc39d45d249d6c26209e9cd105c2 (diff)
download	FreeBSD-src-ad64077869a527becbbbfbd77ec33f4246f66797.zip FreeBSD-src-ad64077869a527becbbbfbd77ec33f4246f66797.tar.gz