Fix a parsing bug in the new authentication code.

2 files changed, 4 insertions, 3 deletions

diff --git a/CHANGES.md b/CHANGES.md
index 03517e033..8fb9d6cfd 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,4 +1,4 @@
-CHANGES - 2.3rc1 - 2018-04-09
+CHANGES - 2.3rc1 - 2018-04-11
 =============================
 
 Changes in CUPS v2.3rc1
@@ -10,6 +10,7 @@ Changes in CUPS v2.3rc1
   the supplied HTTP connection (Issue #5288)
 - Fixed another crash in the scheduler when adding an IPP Everywhere printer
   (Issue #5290)
+- Fixed a parsing bug in the new authentication code.
 
 
 Changes in CUPS v2.3b4
diff --git a/cups/auth.c b/cups/auth.c
index f545b2331..ab2ce996a 100644
--- a/cups/auth.c
+++ b/cups/auth.c
@@ -212,7 +212,7 @@ cupsDoAuthentication(
       if (!cg->lang_default)
 	cg->lang_default = cupsLangDefault();
 
-      if (cups_auth_param(scheme, "username", default_username, sizeof(default_username)))
+      if (cups_auth_param(schemedata, "username", default_username, sizeof(default_username)))
 	cupsSetUser(default_username);
 
       snprintf(prompt, sizeof(prompt), _cupsLangString(cg->lang_default, _("Password for %s on %s? ")), cupsUser(), http->hostname[0] == '/' ? "localhost" : http->hostname);
@@ -795,7 +795,7 @@ cups_auth_scheme(const char *www_authenticate,	/* I - Pointer into WWW-Authentic
     * Parse the scheme name or param="value" string...
     */
 
-    for (sptr = scheme, start = www_authenticate, param = 0; *www_authenticate && !isspace(*www_authenticate & 255); www_authenticate ++)
+    for (sptr = scheme, start = www_authenticate, param = 0; *www_authenticate && *www_authenticate != ',' && !isspace(*www_authenticate & 255); www_authenticate ++)
     {
       if (*www_authenticate == '=')
         param = 1;