Segfault when attempting to re-use a curl handle and turning on Proxy NTLM authentication #765
Comments
Ouch, I'm the one who introduced this code :( However, I think I've seen this segfault and addressed it by adding a check to make sure proxy_user_passwd is set, see: Line 3126 in ccf7a82
But perhaps it isn't enough, maybe password missing could still be a problem, or I suspect that connection reuse might cause such inconsistency, see this block: Line 5340 in ccf7a82
Could you suggest sample code or a command that would reproduce? Thanks!
Hmm, actually, the verification of proxy_user_passwd is only for the 'needle' conn, not for the 'check' conn.
Ok, I have it reproduced with: Looking into it - sorry for this bug!
The crash that I saw back then was with reversed order (first auth, then no auth), however the first fix I wanted was to make it similar to server authentication where the user/pass are never NULL, instead they are empty strings - and this fix works both ways. Quote from the correspondence back then:
Even if empty, so we won't risk dereferencing NULL pointer. This is similar to what we do for server user and pwd. See curl#765
Hi @bagder do you think (iboukris@b53993d) is ok, or you'd prefer a local fix? Thanks @rcanavan for reporting this.
The previous fix you are referring to is d41dcba? It seems correct to me that we don't parse the proxy auth (which basically just unescapes and copies proxy username and pass) if !bits.proxy_user_passwd, unless I misunderstand.
On Sat, Apr 16, 2016 at 2:08 AM, Jay Satiro notifications@github.com wrote:
Yes, this is the commit in which I introduced this bug.
Initially, I just added a check for 'strequal(needle->proxyuser,
At ConnectionExists, both check->proxyuser and check->proxypasswd could be NULL, so make sure to check first. See curl#765
Alternatively, a local fix similar to the one proposed by OP: iboukris@3d8736d
Thanks, merged!
Thank you!
Segfault when attempting to re-use a curl handle and turning on Proxy NTLM authentication. curl/curl#765 Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Natinst-CAR-ID: 595510 Natinst-ReviewBoard-ID: 157131
In our unit tests, there are two tests that abuse a normal HTTP server as a proxy, just to verify that the correct headers are sent. Both use the same "proxy"; the first test does not use any proxy authentication, the second attempts to use NTLM. As a result, the second test always segfaults at the following location:
because in *check, both proxyuser = 0x0 and proxypasswd = 0x0. The following patch would prevent the segfault:
curl/libcurl version
curl-7.48.0 and earlier.
operating system
Ubuntu 15.10, OpenSuSE 13.1
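The condition reported in this issue, a cached connection ('check') whose proxyuser and proxypasswd are NULL being compared against a request ('needle') that carries NTLM proxy credentials, is modelled below together with the two fix styles discussed in the comments (a local NULL check, and never storing NULL). This is an added example, not code from curl or from the commits linked in the thread; struct conn, cred_equal, proxy_creds_match and cred_or_empty are hypothetical names, and the reuse policy is an assumption of the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the fields named in the thread; this is
   not libcurl's struct connectdata. */
struct conn {
  bool proxy_user_passwd;  /* models bits.proxy_user_passwd */
  const char *proxyuser;   /* NULL when no proxy credentials were set */
  const char *proxypasswd;
};

/* NULL-safe equality: two NULLs match, NULL never matches a string. */
static bool cred_equal(const char *a, const char *b)
{
  if(!a || !b)
    return a == b;
  return strcmp(a, b) == 0;
}

/* Local-fix style: may cached connection 'check' serve request 'needle'?
   Assumed policy of this example: reuse only on identical proxy credentials. */
bool proxy_creds_match(const struct conn *needle, const struct conn *check)
{
  if(needle->proxy_user_passwd != check->proxy_user_passwd)
    return false;  /* one side authenticates, the other does not */
  /* The flag alone does not prove both pointers are set, so every
     comparison still goes through the NULL-safe helper. */
  return cred_equal(needle->proxyuser, check->proxyuser) &&
         cred_equal(needle->proxypasswd, check->proxypasswd);
}

/* Global-fix style: normalise at assignment so stored values are never NULL. */
const char *cred_or_empty(const char *s)
{
  return s ? s : "";
}

int main(void)
{
  /* Constructed sample: first transfer without proxy auth, second with NTLM. */
  struct conn check = { false, NULL, NULL };
  struct conn needle = { true, "user", "secret" };
  printf("reuse: %d\n", proxy_creds_match(&needle, &check));
  printf("normalised: %d\n", strcmp(cred_or_empty(check.proxyuser), "user") == 0);
  return 0;
}
```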