aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2019-08-15 17:50:02 +0200
committerDaniel Stenberg <daniel@haxx.se>2019-08-16 10:11:22 +0200
commit68fab35c735be1c9b566c23959e06b05add94c15 (patch)
treed643c77cc78e24965927eae227bc341f34028e89 /lib
parenta8ac1be7054d4f289ef4db1a31bb37aae1c5d6c0 (diff)
http: fix use of credentials from URL when using HTTP proxy
When a username and password are provided in the URL, they were wrongly removed from the stored URL so that subsequent uses of the same URL wouldn't find the crendentials. This made doing HTTP auth with multiple connections (like Digest) mishave. Regression from 46e164069d1a5230 (7.62.0) Test case 335 added to verify. Reported-by: Mike Crowe Fixes #4228 Closes #4229
Diffstat (limited to 'lib')
-rw-r--r--lib/http.c21
-rw-r--r--lib/urldata.h3
2 files changed, 13 insertions, 11 deletions
diff --git a/lib/http.c b/lib/http.c
index b1eef71f8..3ba963519 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -2357,7 +2357,6 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
/* and no fragment part */
CURLUcode uc;
- char *url;
CURLU *h = curl_url_dup(data->state.uh);
if(!h)
return CURLE_OUT_OF_MEMORY;
@@ -2388,19 +2387,15 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
return CURLE_OUT_OF_MEMORY;
}
}
- /* now extract the new version of the URL */
- uc = curl_url_get(h, CURLUPART_URL, &url, 0);
+ /* Extract the the URL to use in the request. Store in STRING_TEMP_URL for
+ clean-up reasons if the function returns before the free() further
+ down. */
+ uc = curl_url_get(h, CURLUPART_URL, &data->set.str[STRING_TEMP_URL], 0);
if(uc) {
curl_url_cleanup(h);
return CURLE_OUT_OF_MEMORY;
}
- if(data->change.url_alloc)
- free(data->change.url);
-
- data->change.url = url;
- data->change.url_alloc = TRUE;
-
curl_url_cleanup(h);
if(strcasecompare("ftp", data->state.up.scheme)) {
@@ -2579,12 +2574,16 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
query = NULL;
}
+#ifndef CURL_DISABLE_PROXY
/* url */
if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) {
- char *url = data->change.url;
+ char *url = data->set.str[STRING_TEMP_URL];
result = Curl_add_buffer(&req_buffer, url, strlen(url));
+ Curl_safefree(data->set.str[STRING_TEMP_URL]);
}
- else if(paste_ftp_userpwd)
+ else
+#endif
+ if(paste_ftp_userpwd)
result = Curl_add_bufferf(&req_buffer, "ftp://%s:%s@%s",
conn->user, conn->passwd,
path + sizeof("ftp://") - 1);
diff --git a/lib/urldata.h b/lib/urldata.h
index 94f02ba6a..7f26a9561 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1503,6 +1503,9 @@ enum dupstring {
STRING_ALTSVC, /* CURLOPT_ALTSVC */
#endif
STRING_SASL_AUTHZID, /* CURLOPT_SASL_AUTHZID */
+#ifndef CURL_DISABLE_PROXY
+ STRING_TEMP_URL, /* temp URL storage for proxy use */
+#endif
/* -- end of zero-terminated strings -- */
STRING_LASTZEROTERMINATED,