diff options
author | Daniel Stenberg <daniel@haxx.se> | 2019-08-15 17:50:02 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-08-16 10:11:22 +0200 |
commit | 68fab35c735be1c9b566c23959e06b05add94c15 (patch) | |
tree | d643c77cc78e24965927eae227bc341f34028e89 /lib | |
parent | a8ac1be7054d4f289ef4db1a31bb37aae1c5d6c0 (diff) | |
download | curl-68fab35c735be1c9b566c23959e06b05add94c15.tar.gz |
http: fix use of credentials from URL when using HTTP proxy
When a username and password are provided in the URL, they were wrongly
removed from the stored URL so that subsequent uses of the same URL
wouldn't find the crendentials. This made doing HTTP auth with multiple
connections (like Digest) mishave.
Regression from 46e164069d1a5230 (7.62.0)
Test case 335 added to verify.
Reported-by: Mike Crowe
Fixes #4228
Closes #4229
Diffstat (limited to 'lib')
-rw-r--r-- | lib/http.c | 21 | ||||
-rw-r--r-- | lib/urldata.h | 3 |
2 files changed, 13 insertions, 11 deletions
diff --git a/lib/http.c b/lib/http.c index b1eef71f8..3ba963519 100644 --- a/lib/http.c +++ b/lib/http.c @@ -2357,7 +2357,6 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) /* and no fragment part */ CURLUcode uc; - char *url; CURLU *h = curl_url_dup(data->state.uh); if(!h) return CURLE_OUT_OF_MEMORY; @@ -2388,19 +2387,15 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) return CURLE_OUT_OF_MEMORY; } } - /* now extract the new version of the URL */ - uc = curl_url_get(h, CURLUPART_URL, &url, 0); + /* Extract the the URL to use in the request. Store in STRING_TEMP_URL for + clean-up reasons if the function returns before the free() further + down. */ + uc = curl_url_get(h, CURLUPART_URL, &data->set.str[STRING_TEMP_URL], 0); if(uc) { curl_url_cleanup(h); return CURLE_OUT_OF_MEMORY; } - if(data->change.url_alloc) - free(data->change.url); - - data->change.url = url; - data->change.url_alloc = TRUE; - curl_url_cleanup(h); if(strcasecompare("ftp", data->state.up.scheme)) { @@ -2579,12 +2574,16 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) query = NULL; } +#ifndef CURL_DISABLE_PROXY /* url */ if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { - char *url = data->change.url; + char *url = data->set.str[STRING_TEMP_URL]; result = Curl_add_buffer(&req_buffer, url, strlen(url)); + Curl_safefree(data->set.str[STRING_TEMP_URL]); } - else if(paste_ftp_userpwd) + else +#endif + if(paste_ftp_userpwd) result = Curl_add_bufferf(&req_buffer, "ftp://%s:%s@%s", conn->user, conn->passwd, path + sizeof("ftp://") - 1); diff --git a/lib/urldata.h b/lib/urldata.h index 94f02ba6a..7f26a9561 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -1503,6 +1503,9 @@ enum dupstring { STRING_ALTSVC, /* CURLOPT_ALTSVC */ #endif STRING_SASL_AUTHZID, /* CURLOPT_SASL_AUTHZID */ +#ifndef CURL_DISABLE_PROXY + STRING_TEMP_URL, /* temp URL storage for proxy use */ +#endif /* -- end of zero-terminated strings -- */ STRING_LASTZEROTERMINATED, |