generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

User names embedded in proxy URLs without a password were parsed

Browse Source 
incorrectly--the host name is treated as part of the user name and the
port number becomes the password.  This can be observed in test 279
(was KNOWN_ISSUE #54).
This commit is contained in:
Dan Fandrich 2008-08-01 02:09:08 +00:00
parent 3615063fbc
commit 9251dd7b24
5 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES
View File

@ -15,6 +15,11 @@ Daniel Fandrich (31 Jul 2008)
being mangled when passed to proxies when CURLOPT_PORT is also set being mangled when passed to proxies when CURLOPT_PORT is also set
(reported by Pramod Sharma). (reported by Pramod Sharma).
- User names embedded in proxy URLs without a password were parsed
incorrectly--the host name is treated as part of the user name and the
port number becomes the password. This can be observed in test 279
(was KNOWN_ISSUE #54).
Daniel Stenberg (30 Jul 2008) Daniel Stenberg (30 Jul 2008)
- Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URL - Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URL
parser to allow numerical IPv6-addresses to be specified with the scope parser to allow numerical IPv6-addresses to be specified with the scope

1
RELEASE-NOTES
View File

@ -41,6 +41,7 @@ This release includes the following bugfixes:
o --use-ascii now works on Symbian OS, MS-DOS and OS/2 o --use-ascii now works on Symbian OS, MS-DOS and OS/2
o CURLINFO_SSL_VERIFYRESULT is fixed o CURLINFO_SSL_VERIFYRESULT is fixed
o FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set o FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set
o a user name in a proxy URL without a password was parsed incorrectly
This release includes the following known bugs: This release includes the following known bugs:

4
docs/KNOWN_BUGS
View File

@ -14,10 +14,6 @@ may have been fixed since this was written!
library header files exporting symbols/macros that should be kept private library header files exporting symbols/macros that should be kept private
to the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/ to the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/
54. User names embedded in URLs without a password are parsed incorrectly--the
host name is treated as part of the user name and the port number becomes the
password. This can be observed test 279.
53. SFTP busy-loop problem. When doing SFTP uploads, we can see that libcurl 53. SFTP busy-loop problem. When doing SFTP uploads, we can see that libcurl
occasionally will busy-loop while waiting for certain network conditions. occasionally will busy-loop while waiting for certain network conditions.
Reported by Pavel Shalagin, explained somewhat by Daniel Stenberg here: Reported by Pavel Shalagin, explained somewhat by Daniel Stenberg here:

2
lib/url.c
View File

@ -3396,7 +3396,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
proxypasswd[0] = 0; proxypasswd[0] = 0;
if(1 <= sscanf(proxyptr, if(1 <= sscanf(proxyptr,
"%" MAX_CURL_USER_LENGTH_TXT"[^:]:" "%" MAX_CURL_USER_LENGTH_TXT"[^:@]:"
"%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
proxyuser, proxypasswd)) { proxyuser, proxypasswd)) {
CURLcode res = CURLE_OK; CURLcode res = CURLE_OK;

3
tests/data/test279
View File

@ -7,6 +7,7 @@ HTTP proxy
HTTP proxy Basic auth HTTP proxy Basic auth
</keywords> </keywords>
</info> </info>
# Server-side # Server-side
<reply> <reply>
<data> <data>
@ -39,7 +40,7 @@ http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT
</strip> </strip>
<protocol> <protocol>
GET http://we.want.that.site.com/279 HTTP/1.1 GET http://we.want.that.site.com/279 HTTP/1.1
Proxy-Authorization: Basic ZmFrZUAxMjcuMC4wLjE6ODk5MA0= Proxy-Authorization: Basic ZmFrZTo=
Host: we.want.that.site.com Host: we.want.that.site.com
Pragma: no-cache Pragma: no-cache
Accept: */* Accept: */*