From 4e283336dc02089e47f22e9e5e27fe11ff2ae6ab Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 6 Oct 2021 15:40:53 +0200
Subject: http: fix Basic auth with empty name provided in URL

Add test 367 to verify.

Reported-by: Rick Lane
Fixes #7819
Closes #
---
 lib/http.c              |  2 +-
 tests/data/Makefile.inc |  2 +-
 tests/data/test367      | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 tests/data/test367

diff --git a/lib/http.c b/lib/http.c
index 648583c56..fe3f3a27b 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -323,7 +323,7 @@ static CURLcode http_output_basic(struct Curl_easy *data, bool proxy)
     pwd = data->state.aptr.passwd;
   }
 
-  out = aprintf("%s:%s", user, pwd ? pwd : "");
+  out = aprintf("%s:%s", user ? user : "", pwd ? pwd : "");
   if(!out)
     return CURLE_OUT_OF_MEMORY;
 
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 57f2abf69..1085e7bf0 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -60,7 +60,7 @@ test325 test326 test327 test328 test329 test330 test331 test332 test333 \
 test334 test335 test336 test337 test338 test339 test340 test341 test342 \
 test343 test344 test345 test346 test347 test348 test349 test350 test351 \
 test352 test353 test354 test355 test356 test357 test358 test359 test360 \
-test361 test362 test363 test364 test365 test366 \
+test361 test362 test363 test364 test365 test366 test367 \
 \
 test392 test393 test394 test395 test396 test397 \
 \
diff --git a/tests/data/test367 b/tests/data/test367
new file mode 100644
index 000000000..de8b9014a
--- /dev/null
+++ b/tests/data/test367
@@ -0,0 +1,48 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+Basic
+</keywords>
+</info>
+
+#
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Content-Length: 6
+Connection: close
+
+-foo-
+</data>
+</reply>
+
+#
+# Client-side
+<client>
+<server>
+http
+</server>
+<name>
+Empty user name provided in URL
+</name>
+<command>
+http://:example@%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+#
+# Verify data after the test has been "shot"
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Authorization: Basic OmV4YW1wbGU=
+User-Agent: curl/%VERSION
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
-- 
cgit v1.2.1