Commit 9251dd7b authored by Dan Fandrich

User names embedded in proxy URLs without a password were parsed
incorrectly--the host name is treated as part of the user name and the
port number becomes the password.  This can be observed in test 279
(was KNOWN_ISSUE #54).
parent 3615063f
+5 −0
@@ -15,6 +15,11 @@ Daniel Fandrich (31 Jul 2008)
  being mangled when passed to proxies when CURLOPT_PORT is also set
  (reported by Pramod Sharma).

- User names embedded in proxy URLs without a password were parsed
  incorrectly--the host name is treated as part of the user name and the
  port number becomes the password.  This can be observed in test 279
  (was KNOWN_ISSUE #54).

Daniel Stenberg (30 Jul 2008)
- Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URL
  parser to allow numerical IPv6-addresses to be specified with the scope
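Review bot: The new CHANGES entry describes the bug but never says it was fixed, and it mixes tenses ("were parsed", then "is treated" and "becomes"). Suggest wording it as a fix, for example "Fixed parsing of user names embedded in proxy URLs without a password", so that a reader of the changelog does not take it for an open issue. The "(was KNOWN_ISSUE #54)" pointer is worth keeping.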
+1 −0
@@ -41,6 +41,7 @@ This release includes the following bugfixes:
 o --use-ascii now works on Symbian OS, MS-DOS and OS/2
 o CURLINFO_SSL_VERIFYRESULT is fixed
 o FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set
 o a user name in a proxy URL without a password was parsed incorrectly

This release includes the following known bugs:

+0 −4
@@ -14,10 +14,6 @@ may have been fixed since this was written!
  library header files exporting symbols/macros that should be kept private
  to the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/

54. User names embedded in URLs without a password are parsed incorrectly--the
  host name is treated as part of the user name and the port number becomes the
  password.  This can be observed test 279.

53. SFTP busy-loop problem. When doing SFTP uploads, we can see that libcurl
  occasionally will busy-loop while waiting for certain network conditions.
  Reported by Pavel Shalagin, explained somewhat by Daniel Stenberg here:
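Review bot: The removed entry 54 speaks of user names "embedded in URLs", while the code change in this commit is confined to parse_proxy and the CHANGES text says "proxy URLs". Before dropping the entry, confirm that the same user-without-password form in a non-proxy URL is parsed correctly; if that path was never affected, say so, otherwise keep a narrowed entry for it.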
+1 −1
@@ -3396,7 +3396,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
    proxypasswd[0] = 0;

    if(1 <= sscanf(proxyptr,
                   "%" MAX_CURL_USER_LENGTH_TXT"[^:]:"
                   "%" MAX_CURL_USER_LENGTH_TXT"[^:@]:"
                   "%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
                   proxyuser, proxypasswd)) {
      CURLcode res = CURLE_OK;
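Review bot: The user-name scanset `[^:@]` deserves a comment, because the no-password case now depends on two things that are easy to break later: sscanf stopping the first conversion at '@', failing to match the literal ':' and returning 1, and proxypasswd staying empty only because of the `proxypasswd[0] = 0` just above. A short comment on the format string stating that the user name ends at the first ':' or '@' and that the password is optional would document this. Note also that the password conversion `[^@]` stops at the first '@', so a proxy password containing a literal '@' is cut at that character.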
+3 −2
@@ -7,6 +7,7 @@ HTTP proxy
HTTP proxy Basic auth
</keywords>
</info>

# Server-side
<reply>
<data>
@@ -39,7 +40,7 @@ http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT
</strip>
<protocol>
GET http://we.want.that.site.com/279 HTTP/1.1
Proxy-Authorization: Basic ZmFrZUAxMjcuMC4wLjE6ODk5MA0=
Proxy-Authorization: Basic ZmFrZTo=
Host: we.want.that.site.com
Pragma: no-cache
Accept: */*
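Review bot: The changed format string is exercised here only for the user-without-password form (`-x http://f%61ke@%HOSTIP:%HTTPPORT`); the expected header `ZmFrZTo=` decodes to "fake:", that is, user "fake" with an empty password. Since the same sscanf format also handles `user:password@host`, confirm that an existing test covers a proxy URL with both parts, or add one, so that this change cannot regress that path unnoticed.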