Commit 5ad992107f1220c988261c6764ed46b1e303d7f9
2019-03-07T16:43:45
http: consume body on proxy auth failure We must always consume the full parser body if we're going to keep-alive. So in the authentication failure case, continue advancing the http message parser until it's complete, then we can retry the connection. Not doing so would mean that we have to tear the connection down and start over. Advancing through fully (even though we don't use the data) will ensure that we can retry a connection with keep-alive.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
diff --git a/src/transports/http.c b/src/transports/http.c
index bb4a6eb..eb5c352 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -826,6 +826,7 @@ static int proxy_connect(
static http_parser_settings proxy_parser_settings = {0};
size_t bytes_read = 0, bytes_parsed;
parser_context ctx;
+ bool auth_replay;
int error;
/* Use the parser settings only to parser headers. */
@@ -837,6 +838,8 @@ static int proxy_connect(
replay:
clear_parser_state(t);
+ auth_replay = false;
+
gitno_buffer_setup_fromstream(proxy_stream,
&t->parse_buffer,
t->parse_buffer_data,
@@ -884,10 +887,9 @@ replay:
}
/* Replay the request with authentication headers. */
- if (PARSE_ERROR_REPLAY == t->parse_error)
- goto replay;
-
- if (t->parse_error < 0) {
+ if (PARSE_ERROR_REPLAY == t->parse_error) {
+ auth_replay = true;
+ } else if (t->parse_error < 0) {
error = t->parse_error == PARSE_ERROR_EXT ? PARSE_ERROR_EXT : -1;
goto done;
}
@@ -901,6 +903,9 @@ replay:
}
}
+ if (auth_replay)
+ goto replay;
+
if ((error = git_tls_stream_wrap(out, proxy_stream, t->server.url.host)) == 0)
error = stream_connect(*out, &t->server.url,
t->owner->certificate_check_cb,