From 8683703ef3978983e61329801aecc554aec06055 Mon Sep 17 00:00:00 2001

From: Daniel Stenberg <daniel@haxx.se>

Date: Tue, 7 Jan 2014 09:33:54 +0100

Subject: [PATCH] ConnectionExists: fix NTLM check for new connection

When the requested authentication bitmask includes NTLM, we cannot

re-use a connection for another username/password as we then risk

re-using NTLM (connection-based auth).

This has the unfortunate downside that if you include NTLM as a possible

auth, you cannot re-use connections for other usernames/passwords even

if NTLM doesn't end up the auth type used.

Reported-by: Paras S

Patched-by: Paras S

Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html

[upstream commit 8ae35102c43d8d06572c3a1292eb6e27e663c78d]

Signed-off-by: Kamil Dudka <kdudka@redhat.com>

---

 lib/url.c |    4 ++--

 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/url.c b/lib/url.c

index bddbd91..313ec3e 100644

--- a/lib/url.c

+++ b/lib/url.c

@@ -2782,8 +2782,8 @@ ConnectionExists(struct SessionHandle *data,

   struct connectdata *check;

   struct connectdata *chosen = 0;

   bool canPipeline = IsPipeliningPossible(data, needle);

-  bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) ||

-                  (data->state.authhost.want==CURLAUTH_NTLM_WB) ? TRUE : FALSE;

+  bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) ||

+    (data->state.authhost.want & CURLAUTH_NTLM_WB) ? TRUE : FALSE;

   struct connectbundle *bundle;

   /* Look up the bundle with all the connections to this

-- 

1.7.1