[webkit-changes] [WebKit/WebKit] 103304: [Curl] Restrict available HTTP/Proxy authenticatio...
Kenji Shukuwa
noreply at github.com
Sun Jun 18 18:36:20 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 10330490fe57452b7c58cb88e613b52a557d45b0
https://github.com/WebKit/WebKit/commit/10330490fe57452b7c58cb88e613b52a557d45b0
Author: Kenji Shukuwa <kenji.shukuwa at open-tec.co.jp>
Date: 2023-06-18 (Sun, 18 Jun 2023)
Changed paths:
M Source/WebCore/platform/network/curl/CurlContext.cpp
Log Message:
-----------
[Curl] Restrict available HTTP/Proxy authentication methods
https://bugs.webkit.org/show_bug.cgi?id=258190
Reviewed by Michael Catanzaro.
CURLINFO_HTTPAUTH_AVAIL and CURLINFO_PROXYAUTH_AVAIL may return
authentication method values that curl port does not support.
Such values may cause unintended authentication challenges.
Therefore, do not set any value other than the permitted value.
* Source/WebCore/platform/network/curl/CurlContext.cpp:
(WebCore::CurlHandle::getHttpAuthAvail):
(WebCore::CurlHandle::getProxyAuthAvail):
Canonical link: https://commits.webkit.org/265290@main
More information about the webkit-changes
mailing list