diff options
| author | Dan Fandrich <dan@coneharvesters.com> | 2008-08-01 02:09:08 +0000 |
|---|---|---|
| committer | Dan Fandrich <dan@coneharvesters.com> | 2008-08-01 02:09:08 +0000 |
| commit | 9251dd7b2412214d3b25da666f7755a7ab207d39 (patch) | |
| tree | 4247f5d6e31cc0a930872dd385d58ba67a9c0ac3 | |
| parent | 3615063fbcb17d04e3fa798187c7c7b8b035b6dd (diff) | |
| download | gnurl-9251dd7b2412214d3b25da666f7755a7ab207d39.tar.gz gnurl-9251dd7b2412214d3b25da666f7755a7ab207d39.tar.bz2 gnurl-9251dd7b2412214d3b25da666f7755a7ab207d39.zip | |
User names embedded in proxy URLs without a password were parsed
incorrectly--the host name is treated as part of the user name and the
port number becomes the password. This can be observed in test 279
(was KNOWN_ISSUE #54).
| -rw-r--r-- | CHANGES | 5 | ||||
| -rw-r--r-- | RELEASE-NOTES | 1 | ||||
| -rw-r--r-- | docs/KNOWN_BUGS | 4 | ||||
| -rw-r--r-- | lib/url.c | 2 | ||||
| -rw-r--r-- | tests/data/test279 | 5 |
5 files changed, 10 insertions, 7 deletions
@@ -15,6 +15,11 @@ Daniel Fandrich (31 Jul 2008) being mangled when passed to proxies when CURLOPT_PORT is also set (reported by Pramod Sharma). +- User names embedded in proxy URLs without a password were parsed + incorrectly--the host name is treated as part of the user name and the + port number becomes the password. This can be observed in test 279 + (was KNOWN_ISSUE #54). + Daniel Stenberg (30 Jul 2008) - Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URL parser to allow numerical IPv6-addresses to be specified with the scope diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 76b545f3e..353b4c643 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -41,6 +41,7 @@ This release includes the following bugfixes: o --use-ascii now works on Symbian OS, MS-DOS and OS/2 o CURLINFO_SSL_VERIFYRESULT is fixed o FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set + o a user name in a proxy URL without a password was parsed incorrectly This release includes the following known bugs: diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 9744481f8..bb9cbbe2e 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -14,10 +14,6 @@ may have been fixed since this was written! library header files exporting symbols/macros that should be kept private to the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/ -54. User names embedded in URLs without a password are parsed incorrectly--the - host name is treated as part of the user name and the port number becomes the - password. This can be observed test 279. - 53. SFTP busy-loop problem. When doing SFTP uploads, we can see that libcurl occasionally will busy-loop while waiting for certain network conditions. Reported by Pavel Shalagin, explained somewhat by Daniel Stenberg here: @@ -3396,7 +3396,7 @@ static CURLcode parse_proxy(struct SessionHandle *data, proxypasswd[0] = 0; if(1 <= sscanf(proxyptr, - "%" MAX_CURL_USER_LENGTH_TXT"[^:]:" + "%" MAX_CURL_USER_LENGTH_TXT"[^:@]:" "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]", proxyuser, proxypasswd)) { CURLcode res = CURLE_OK; diff --git a/tests/data/test279 b/tests/data/test279 index c37e9ab11..f52941cd4 100644 --- a/tests/data/test279 +++ b/tests/data/test279 @@ -7,6 +7,7 @@ HTTP proxy HTTP proxy Basic auth </keywords> </info> + # Server-side <reply> <data> @@ -28,7 +29,7 @@ http HTTP with proxy string including http:// and user only </name> <command> -http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT
+http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT </command> </client> @@ -39,7 +40,7 @@ http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT </strip> <protocol> GET http://we.want.that.site.com/279 HTTP/1.1
-Proxy-Authorization: Basic ZmFrZUAxMjcuMC4wLjE6ODk5MA0=
+Proxy-Authorization: Basic ZmFrZTo=
Host: we.want.that.site.com
Pragma: no-cache
Accept: */*
|