From: Dan Fandrich Date: Fri, 1 Aug 2008 02:09:08 +0000 (+0000) Subject: User names embedded in proxy URLs without a password were parsed X-Git-Tag: curl-7_19_0~246 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9251dd7b2412214d3b25da666f7755a7ab207d39;p=thirdparty%2Fcurl.git User names embedded in proxy URLs without a password were parsed incorrectly--the host name is treated as part of the user name and the port number becomes the password. This can be observed in test 279 (was KNOWN_ISSUE #54). --- diff --git a/CHANGES b/CHANGES index 608151445f..dd5393551f 100644 --- a/CHANGES +++ b/CHANGES @@ -15,6 +15,11 @@ Daniel Fandrich (31 Jul 2008) being mangled when passed to proxies when CURLOPT_PORT is also set (reported by Pramod Sharma). +- User names embedded in proxy URLs without a password were parsed + incorrectly--the host name is treated as part of the user name and the + port number becomes the password. This can be observed in test 279 + (was KNOWN_ISSUE #54). + Daniel Stenberg (30 Jul 2008) - Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URL parser to allow numerical IPv6-addresses to be specified with the scope diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 76b545f3ed..353b4c6437 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -41,6 +41,7 @@ This release includes the following bugfixes: o --use-ascii now works on Symbian OS, MS-DOS and OS/2 o CURLINFO_SSL_VERIFYRESULT is fixed o FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set + o a user name in a proxy URL without a password was parsed incorrectly This release includes the following known bugs: diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 9744481f8b..bb9cbbe2ea 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS 
@@ -14,10 +14,6 @@ may have been fixed since this was written! library header files exporting symbols/macros that should be kept private to the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/ -54. User names embedded in URLs without a password are parsed incorrectly--the - host name is treated as part of the user name and the port number becomes the - password. This can be observed test 279. - 53. SFTP busy-loop problem. When doing SFTP uploads, we can see that libcurl occasionally will busy-loop while waiting for certain network conditions. Reported by Pavel Shalagin, explained somewhat by Daniel Stenberg here: diff --git a/lib/url.c b/lib/url.c index b53cc5053e..c778507943 100644 --- a/lib/url.c +++ b/lib/url.c @@ -3396,7 +3396,7 @@ static CURLcode parse_proxy(struct SessionHandle *data, proxypasswd[0] = 0; if(1 <= sscanf(proxyptr, - "%" MAX_CURL_USER_LENGTH_TXT"[^:]:" + "%" MAX_CURL_USER_LENGTH_TXT"[^:@]:" "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", proxyuser, proxypasswd)) { CURLcode res = CURLE_OK; diff --git a/tests/data/test279 b/tests/data/test279 index c37e9ab112..f52941cd4a 100644 --- a/tests/data/test279 +++ b/tests/data/test279 @@ -7,6 +7,7 @@ HTTP proxy HTTP proxy Basic auth + # Server-side @@ -28,7 +29,7 @@ http HTTP with proxy string including http:// and user only -http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT +http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT @@ -39,7 +40,7 @@ http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT GET http://we.want.that.site.com/279 HTTP/1.1 -Proxy-Authorization: Basic ZmFrZUAxMjcuMC4wLjE6ODk5MA0= +Proxy-Authorization: Basic ZmFrZTo= Host: we.want.that.site.com Pragma: no-cache Accept: */*
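Review bot: The new CHANGES entry mixes tenses ("were parsed incorrectly" followed by "is treated" and "becomes"), so it reads as if the misparse still happens. The wording is carried over from the KNOWN_BUGS item this patch removes. Suggest stating the fix outright, for example: "Fixed parsing of a user name without a password in a proxy URL; the host name was treated as part of the user name and the port number became the password."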
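Review bot: In the lib/url.c hunk (parse_proxy), the user-only case now ends with sscanf() returning 1 and the second conversion never assigned, so the empty password comes solely from the `proxypasswd[0] = 0;` line above the call, and nothing at the call site says so. Suggest a comment next to `if(1 <= sscanf(proxyptr,` stating that a return of 1 means "user name, no password" and that the pre-cleared buffer is relied on, so a later cleanup does not remove it. The password scanset is still `[^@]`, which stops at the first `@`; if that is intended, it is worth noting in the same comment.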
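Review bot: The tests/data/test279 hunks pin only the user-only form with a port (`-x http://f%61ke@%HOSTIP:%HTTPPORT`); the new expected header `Proxy-Authorization: Basic ZmFrZTo=` decodes to `fake:`, which matches the intended result. Because the user-name scanset changed from `[^:]` to `[^:@]`, suggest confirming that a test with both a user name and a password in the proxy URL exists, or adding one, plus a user-only proxy URL without a port, so that both outcomes of the sscanf() call are covered against regression.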