diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-10-06 15:40:53 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-10-06 22:45:52 +0200 |
commit | 87907d56f0a2973bb7513f073f4f5a02a01d2ef2 (patch) | |
tree | c19d517a0073c4d146f800b6a864345c612d98d9 | |
parent | 5f563495f1f9cf7ef4f23f997e4c2707dd3e74a8 (diff) | |
download | curl-87907d56f0a2973bb7513f073f4f5a02a01d2ef2.tar.gz |
http: fix Basic auth with empty name field in URL
Add test 367 to verify.
Reported-by: Rick Lane
Fixes #7819
Closes #7820
-rw-r--r-- | lib/http.c | 2 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test367 | 48 |
3 files changed, 50 insertions, 2 deletions
diff --git a/lib/http.c b/lib/http.c index 648583c56..fe3f3a27b 100644 --- a/lib/http.c +++ b/lib/http.c @@ -323,7 +323,7 @@ static CURLcode http_output_basic(struct Curl_easy *data, bool proxy) pwd = data->state.aptr.passwd; } - out = aprintf("%s:%s", user, pwd ? pwd : ""); + out = aprintf("%s:%s", user ? user : "", pwd ? pwd : ""); if(!out) return CURLE_OUT_OF_MEMORY; diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 57f2abf69..1085e7bf0 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -60,7 +60,7 @@ test325 test326 test327 test328 test329 test330 test331 test332 test333 \ test334 test335 test336 test337 test338 test339 test340 test341 test342 \ test343 test344 test345 test346 test347 test348 test349 test350 test351 \ test352 test353 test354 test355 test356 test357 test358 test359 test360 \ -test361 test362 test363 test364 test365 test366 \ +test361 test362 test363 test364 test365 test366 test367 \ \ test392 test393 test394 test395 test396 test397 \ \ diff --git a/tests/data/test367 b/tests/data/test367 new file mode 100644 index 000000000..de8b9014a --- /dev/null +++ b/tests/data/test367 @@ -0,0 +1,48 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +Basic +</keywords> +</info> + +# +# Server-side +<reply> +<data> +HTTP/1.1 200 OK +Content-Length: 6 +Connection: close + +-foo- +</data> +</reply> + +# +# Client-side +<client> +<server> +http +</server> +<name> +Empty user name provided in URL +</name> +<command> +http://:example@%HOSTIP:%HTTPPORT/%TESTNUMBER +</command> +</client> + +# +# Verify data after the test has been "shot" +<verify> +<protocol> +GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic OmV4YW1wbGU=
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol> +</verify> +</testcase> |