aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGES5
-rw-r--r--RELEASE-NOTES1
-rw-r--r--docs/KNOWN_BUGS4
-rw-r--r--lib/url.c2
-rw-r--r--tests/data/test2795
5 files changed, 10 insertions, 7 deletions
diff --git a/CHANGES b/CHANGES
index 608151445..dd5393551 100644
--- a/CHANGES
+++ b/CHANGES
@@ -15,6 +15,11 @@ Daniel Fandrich (31 Jul 2008)
being mangled when passed to proxies when CURLOPT_PORT is also set
(reported by Pramod Sharma).
+- User names embedded in proxy URLs without a password were parsed
+ incorrectly--the host name is treated as part of the user name and the
+ port number becomes the password. This can be observed in test 279
+ (was KNOWN_ISSUE #54).
+
Daniel Stenberg (30 Jul 2008)
- Phil Blundell added the CURLOPT_SCOPE option, as well as adjusted the URL
parser to allow numerical IPv6-addresses to be specified with the scope
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 76b545f3e..353b4c643 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -41,6 +41,7 @@ This release includes the following bugfixes:
o --use-ascii now works on Symbian OS, MS-DOS and OS/2
o CURLINFO_SSL_VERIFYRESULT is fixed
o FTP URLs and IPv6 URLs mangled when sent to proxy with CURLOPT_PORT set
+ o a user name in a proxy URL without a password was parsed incorrectly
This release includes the following known bugs:
diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS
index 9744481f8..bb9cbbe2e 100644
--- a/docs/KNOWN_BUGS
+++ b/docs/KNOWN_BUGS
@@ -14,10 +14,6 @@ may have been fixed since this was written!
library header files exporting symbols/macros that should be kept private
to the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/
-54. User names embedded in URLs without a password are parsed incorrectly--the
- host name is treated as part of the user name and the port number becomes the
- password. This can be observed test 279.
-
53. SFTP busy-loop problem. When doing SFTP uploads, we can see that libcurl
occasionally will busy-loop while waiting for certain network conditions.
Reported by Pavel Shalagin, explained somewhat by Daniel Stenberg here:
diff --git a/lib/url.c b/lib/url.c
index b53cc5053..c77850794 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3396,7 +3396,7 @@ static CURLcode parse_proxy(struct SessionHandle *data,
proxypasswd[0] = 0;
if(1 <= sscanf(proxyptr,
- "%" MAX_CURL_USER_LENGTH_TXT"[^:]:"
+ "%" MAX_CURL_USER_LENGTH_TXT"[^:@]:"
"%" MAX_CURL_PASSWORD_LENGTH_TXT "[^@]",
proxyuser, proxypasswd)) {
CURLcode res = CURLE_OK;
diff --git a/tests/data/test279 b/tests/data/test279
index c37e9ab11..f52941cd4 100644
--- a/tests/data/test279
+++ b/tests/data/test279
@@ -7,6 +7,7 @@ HTTP proxy
HTTP proxy Basic auth
</keywords>
</info>
+
# Server-side
<reply>
<data>
@@ -28,7 +29,7 @@ http
HTTP with proxy string including http:// and user only
</name>
<command>
-http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT
+http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT
</command>
</client>
@@ -39,7 +40,7 @@ http://we.want.that.site.com/279 -x http://f%61ke@%HOSTIP:%HTTPPORT
</strip>
<protocol>
GET http://we.want.that.site.com/279 HTTP/1.1
-Proxy-Authorization: Basic ZmFrZUAxMjcuMC4wLjE6ODk5MA0=
+Proxy-Authorization: Basic ZmFrZTo=
Host: we.want.that.site.com
Pragma: no-cache
Accept: */*
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 01:44:08 +0000