aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2003-08-02 23:36:35 +0000
committerDaniel Stenberg <daniel@haxx.se>2003-08-02 23:36:35 +0000
commitdb9f87f697c86cdeca4e6da9f8baabb8246b2d0e (patch)
treed2a5c5a2bfec0b802176f78ab85fd8df67512cdd
parent3270ea55dd6ace258eabbd64a873ccf328976e7a (diff)
When proxy authentication is used in a CONNECT request (as used for all SSL
connects and otherwise enforced tunnel-thru-proxy requests), the same authentication header is also wrongly sent to the remote host. The name and password can then be captured by an evil host and possibly get used for malicious purposes.
-rw-r--r--lib/http.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/http.c b/lib/http.c
index 7f6752ec5..2418c1bd7 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -91,6 +91,7 @@
#include "http_digest.h"
#include "http_ntlm.h"
#include "http_negotiate.h"
+#include "url.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
@@ -552,6 +553,12 @@ CURLcode Curl_ConnectHTTPProxyTunnel(struct connectdata *conn,
failf(data, "Received error code %d from proxy", httperror);
return CURLE_RECV_ERROR;
}
+
+ /* If a proxy-authorization header was used for the proxy, then we should
+ make sure that it isn't accidentally used for the document request
+ after we've connected. So let's free and clear it here. */
+ Curl_safefree(conn->allocptr.proxyuserpwd);
+ conn->allocptr.proxyuserpwd = NULL;
infof (data, "Proxy replied to CONNECT request\n");
return CURLE_OK;