libfetch: keep http auth only if redirect is for the same host

fixes #10688 (cherry picked from commit 7158474f1ba2bd24c6a9b2b1bbd53984414c0343)
author: Timo Teräs <timo.teras@iki.fi> 2020-10-06 11:22:55 +0300
committer: Timo Teräs <timo.teras@iki.fi> 2021-04-11 14:03:38 +0300
commit: ef2193896386b0a8beed3a27ce39e2f97776c3f3 (patch)
tree: 97bc4405d86c522b9f6da675c03507208cb620e8
parent: e959755dffcf23fcdc6d6ba8d50c08e83dab7fb6 (diff)
download: apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.tar.gz
apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.tar.bz2
apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.tar.xz
apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/libfetch/http.c b/libfetch/http.c
index efaebe7..7141b98 100644
--- a/libfetch/http.c
+++ b/libfetch/http.c
@@ -1070,7 +1070,13 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 					/* XXX should set an error code */
 					goto ouch;
 				}
-				if (!*new->user && !*new->pwd) {
+				if (!new->port)
+					new->port = fetch_default_port(url->scheme);
+				if (!new->user[0] && !new->pwd[0] &&
+				    new->port == url->port &&
+				    strcmp(new->scheme, url->scheme) == 0 &&
+				    strcmp(new->host, url->host) == 0) {
+					/* keep auth if staying on same host */
 					strcpy(new->user, url->user);
 					strcpy(new->pwd, url->pwd);
 				}
author	Timo Teräs <timo.teras@iki.fi>	2020-10-06 11:22:55 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2021-04-11 14:03:38 +0300
commit	ef2193896386b0a8beed3a27ce39e2f97776c3f3 (patch)
tree	97bc4405d86c522b9f6da675c03507208cb620e8
parent	e959755dffcf23fcdc6d6ba8d50c08e83dab7fb6 (diff)
download	apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.tar.gz apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.tar.bz2 apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.tar.xz apk-tools-ef2193896386b0a8beed3a27ce39e2f97776c3f3.zip