When proxy authentication is used in a CONNECT request (as used for all SSL
connects and otherwise enforced tunnel-thru-proxy requests), the same authentication header is also wrongly sent to the remote host. The name and password can then be captured by an evil host and possibly get used for malicious purposes.
This commit is contained in:
Daniel Stenberg
parent
3270ea55dd
commit
db9f87f697
@ -91,6 +91,7 @@
|
||||
#include "http_digest.h"
|
||||
#include "http_ntlm.h"
|
||||
#include "http_negotiate.h"
|
||||
#include "url.h"
|
||||
|
||||
#define _MPRINTF_REPLACE /* use our functions only */
|
||||
#include <curl/mprintf.h>
|
||||
@ -552,6 +553,12 @@ CURLcode Curl_ConnectHTTPProxyTunnel(struct connectdata *conn,
|
||||
failf(data, "Received error code %d from proxy", httperror);
|
||||
return CURLE_RECV_ERROR;
|
||||
}
|
||||
|
||||
/* If a proxy-authorization header was used for the proxy, then we should
|
||||
make sure that it isn't accidentally used for the document request
|
||||
after we've connected. So let's free and clear it here. */
|
||||
Curl_safefree(conn->allocptr.proxyuserpwd);
|
||||
conn->allocptr.proxyuserpwd = NULL;
|
||||
|
||||
infof (data, "Proxy replied to CONNECT request\n");
|
||||
return CURLE_OK;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user