Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cURL does not pass proxy passwords greater than 255 characters to http proxies #5448

Closed
bigwillystyle42 opened this issue May 25, 2020 · 2 comments
Assignees

Comments

@bigwillystyle42
Copy link

I did this

export http_proxy=http://will:01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789@proxyserver:12000
curl -v sydonis.com > /dev/null

I expected the following

I expected cURL to send the entire username/password string to the proxy in the Proxy-Authorization header. Instead cURL appears to send just the username and a colon:

Proxy-Authorization: Basic d2lsbDo=

curl/libcurl version

curl 7.64.0

operating system

Debian 10, using a newer kernel: 5.5.0-0.bpo.2 (5.5.17-1~bpo10+1)

@bagder bagder self-assigned this May 25, 2020
@bagder
Copy link
Member

bagder commented May 25, 2020

Yes and no!

If you'd try that exact program with a current libcurl version, you would not have this problem. As when providing the credentials within the proxy string has no such length restriction since a while back (I believe since we started parsing the proxy string with the URL parser even internally, in 7.65.0).

However, we still had such a restriction on the HTTP proxy auth credentials if they were specified separately with -U, so there was still a bug in there. PR coming up with a fix for this.

bagder added a commit that referenced this issue May 25, 2020
They're only limited by the maximum string input restrictions, not to
256 bytes.

Added test 1178 to verify

Reported-by: Will Roberts
Fixes #5448
bagder added a commit that referenced this issue May 25, 2020
They're only limited to the maximum string input restrictions, not to
256 bytes.

Added test 1178 to verify

Reported-by: Will Roberts
Fixes #5448
Closes #5449
@bigwillystyle42
Copy link
Author

Thanks I looked through the issues, but didn't think to look through the pull requests for any relevant fixes.

@bagder bagder closed this as completed in ad829b2 May 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging a pull request may close this issue.

2 participants