Commit db9f87f6 authored by Daniel Stenberg's avatar Daniel Stenberg

When proxy authentication is used in a CONNECT request (as used for all SSL

connects and otherwise enforced tunnel-thru-proxy requests), the same
authentication header is also wrongly sent to the remote host.

The name and password can then be captured by an evil host and possibly get
used for malicious purposes.
parent 3270ea55
+7 −0
@@ -91,6 +91,7 @@
#include "http_digest.h"
#include "http_ntlm.h"
#include "http_negotiate.h"
#include "url.h"

#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
@@ -553,6 +554,12 @@ CURLcode Curl_ConnectHTTPProxyTunnel(struct connectdata *conn,
    return CURLE_RECV_ERROR;
  }
  
  /* If a proxy-authorization header was used for the proxy, then we should
     make sure that it isn't accidentally used for the document request
     after we've connected. So let's free and clear it here. */
  Curl_safefree(conn->allocptr.proxyuserpwd);
  conn->allocptr.proxyuserpwd = NULL;

  infof (data, "Proxy replied to CONNECT request\n");
  return CURLE_OK;
}
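Review bot: The credentials stay away from the remote host only if the request-building code outside this hunk never rebuilds the header for a request sent through the tunnel; the two lines added before `return CURLE_OK` drop just the copy made for the CONNECT. That code is not visible here, and on a reused tunnelled connection this function presumably does not run again, so it is worth confirming that the place where the header is generated checks for the tunnel case itself. A regression test that asserts no `Proxy-Authorization:` line appears in the request following a successful CONNECT would pin the behaviour. The freed buffer still holds the encoded name and password, so as defence in depth it could be overwritten before `Curl_safefree(conn->allocptr.proxyuserpwd);`. The body of Curl_ConnectHTTPProxyTunnel starts outside the hunk.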