socks: deny server basic-auth if not configured
authorStefan Eissing <stefan@eissing.org>
Wed, 8 Oct 2025 12:06:55 +0000 (14:06 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 9 Oct 2025 06:28:42 +0000 (08:28 +0200)
When the server proposes BASIC authentication and curl does
not have that configured, fail right away.

Reported-by: Joshua Rogers
Closes #18937

lib/socks.c

index e7e545442a9ad7f7188c69a832e2b43e84d4534d..a0e1e6c04254fd0fc68a9913e847ebcd9ce7f700 100644 (file)
@@ -681,8 +681,12 @@ static CURLproxycode socks5_check_resp0(struct socks_state *sx,
     return CURLPX_GSSAPI_PERMSG;
   case 2:
     /* regular name + password authentication */
-    sxstate(sx, cf, data, SOCKS5_ST_AUTH_INIT);
-    return CURLPX_OK;
+    if(data->set.socks5auth & CURLAUTH_BASIC) {
+      sxstate(sx, cf, data, SOCKS5_ST_AUTH_INIT);
+      return CURLPX_OK;
+    }
+    failf(data, "BASIC authentication proposed but not enabled.");
+    return CURLPX_NO_AUTH;
   case 255:
     failf(data, "No authentication method was acceptable.");
     return CURLPX_NO_AUTH;
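Review bot: The new guard in `case 2` tests the configured `data->set.socks5auth` bits rather than the list of methods this client actually sent in its greeting, so the two can disagree if the offer is built from other conditions (that code is outside this hunk, so this needs confirming). Validating the server's selection against the methods that were really offered would also reject a server picking any other un-offered method, not only username/password. A short comment on the guard would help the next reader, e.g. `/* server selected username/password; continue only if the application enabled it, otherwise no credentials are sent */`. socks5_check_resp0 starts and ends outside the hunk, so the handling of the other method values could not be checked here.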