http: do not leak basic auth credentials on re-used connections CVE-2015-3236 This partially reverts commit curl-7_39_0-237-g87c4abb Reported-by: Tomas Tomecek, Kamil Dudka Bug: http://curl.haxx.se/docs/adv_20150617A.html

commit: 24a8359b256f8a3d7892f21f156a4bf0a42710d5 [log] [tgz]
author: Kamil Dudka <kdudka@redhat.com> Thu May 28 20:04:35 2015 +0200
committer: Daniel Stenberg <daniel@haxx.se> Wed Jun 17 07:43:13 2015 +0200
tree: 7490da5df95227837ff2adbc272a4e2efffd696a
parent: 24f0b6ebf7c4411ac9d82a6269d4c136856a1166 [diff]
diff --git a/lib/http.c b/lib/http.c
index 7a5137e..e06c798 100644
--- a/lib/http.c
+++ b/lib/http.c

@@ -2312,20 +2312,12 @@
                      te
       );
 
-  /*
-   * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
-   * the connection and shouldn't be repeated over it either.
-   */
-  switch (data->state.authhost.picked) {
-  case CURLAUTH_NEGOTIATE:
-  case CURLAUTH_NTLM:
-  case CURLAUTH_NTLM_WB:
-    Curl_safefree(conn->allocptr.userpwd);
-    break;
-  }
+  /* clear userpwd to avoid re-using credentials from re-used connections */
+  Curl_safefree(conn->allocptr.userpwd);
 
   /*
-   * Same for proxyuserpwd
+   * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
+   * with the connection and shouldn't be repeated over it either.
    */
   switch (data->state.authproxy.picked) {
   case CURLAUTH_NEGOTIATE:
commit	24a8359b256f8a3d7892f21f156a4bf0a42710d5	[log] [tgz]
author	Kamil Dudka <kdudka@redhat.com>	Thu May 28 20:04:35 2015 +0200
committer	Daniel Stenberg <daniel@haxx.se>	Wed Jun 17 07:43:13 2015 +0200
tree	7490da5df95227837ff2adbc272a4e2efffd696a
parent	24f0b6ebf7c4411ac9d82a6269d4c136856a1166 [diff]