Don't infloop in url.el when sending invalid basic auth

* lisp/url/url-http.el (url-http-handle-authentication): Bail out
if the wrong credentials were passed to the server instead of
inflooping (bug#27022).

diff --git a/lisp/url/url-http.el b/lisp/url/url-http.el
index 527760118d4141155f3f4f20b64a519ef4f9bc25..f7f2f3d179dc7d713eecdc949cc152349b0e2e0a 100644 (file)
--- a/lisp/url/url-http.el
+++ b/lisp/url/url-http.el
@@ -453,6 +453,14 @@ Return the number of characters removed."
        auth
        (strength 0))
 
+    ;; If we're here, then we got a 40x Unauthorized response from the
+    ;; server.  If we already have "Authorization" in the extra
+    ;; headers, then this means that we've already tried sending
+    ;; credentials to the server, and they were wrong, so just give
+    ;; up.
+    (when (assoc "Authorization" url-http-extra-headers)
+      (error "Wrong authorization used for %s" url))
+
     ;; find strongest supported auth
     (dolist (this-auth auths)
       (setq this-auth (url-eat-trailing-space