libfetch: keep http auth only if redirect is for the same host

fixes #10688
author: Timo Teräs <timo.teras@iki.fi> 2020-10-06 11:22:55 +0300
committer: Timo Teräs <timo.teras@iki.fi> 2020-10-06 11:24:05 +0300
commit: 7158474f1ba2bd24c6a9b2b1bbd53984414c0343 (patch)
tree: 08f921802c59531e7ad44c8d5af101f911477775 /libfetch/http.c
parent: dac30d50497214c8722a57ee1ae8d3c369babe38 (diff)
download: apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.tar.gz
apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.tar.bz2
apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.tar.xz
apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/libfetch/http.c b/libfetch/http.c
index efaebe7..7141b98 100644
--- a/libfetch/http.c
+++ b/libfetch/http.c
@@ -1070,7 +1070,13 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 					/* XXX should set an error code */
 					goto ouch;
 				}
-				if (!*new->user && !*new->pwd) {
+				if (!new->port)
+					new->port = fetch_default_port(url->scheme);
+				if (!new->user[0] && !new->pwd[0] &&
+				    new->port == url->port &&
+				    strcmp(new->scheme, url->scheme) == 0 &&
+				    strcmp(new->host, url->host) == 0) {
+					/* keep auth if staying on same host */
 					strcpy(new->user, url->user);
 					strcpy(new->pwd, url->pwd);
 				}
author	Timo Teräs <timo.teras@iki.fi>	2020-10-06 11:22:55 +0300
committer	Timo Teräs <timo.teras@iki.fi>	2020-10-06 11:24:05 +0300
commit	7158474f1ba2bd24c6a9b2b1bbd53984414c0343 (patch)
tree	08f921802c59531e7ad44c8d5af101f911477775 /libfetch/http.c
parent	dac30d50497214c8722a57ee1ae8d3c369babe38 (diff)
download	apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.tar.gz apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.tar.bz2 apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.tar.xz apk-tools-7158474f1ba2bd24c6a9b2b1bbd53984414c0343.zip