From ad64077869a527becbbbfbd77ec33f4246f66797 Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Mon, 30 Apr 2012 12:12:48 +0000
Subject: Don't reuse credentials if redirected to a different host.

Submitted by:	Niels Heinen <heinenn@google.com>
MFC after:	3 weeks
---
 lib/libfetch/http.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/libfetch/http.c')

diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index 557ff26..f6e063a 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -1779,7 +1779,9 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 					DEBUG(fprintf(stderr, "failed to parse new URL\n"));
 					goto ouch;
 				}
-				if (!*new->user && !*new->pwd) {
+
+				/* Only copy credentials if the host matches */
+				if (!strcmp(new->host, url->host) && !*new->user && !*new->pwd) {
 					strcpy(new->user, url->user);
 					strcpy(new->pwd, url->pwd);
 				}
-- 
cgit v1.1