I've been away for a few weeks, and this bug has already been fixed, but
I thought I'd try to add a test case for it. I'm not sure I got it
right though.

Here's the command line that fails for me (using CVS as of April 22 or
-- and specifically formdata.c 1.56):

$ ./curl --verbose http://www.google.com --proxy
http://a.real.ntlm.proxy --proxy-user foo:bar --proxy-ntlm -F
"dummy=value"

When I say fail, it crashes, on line 1065 of formdata.c 1.56 -- in
Curl_formclean. This function has since been fixed to check form for
NULL. Here's the trace:

* About to connect() to 10.10.191.2 port 8080
* Connected to 10.10.191.2 (10.10.191.2) port 8080
* Proxy auth using NTLM with user 'foo'
> HEAD http://127.0.0.1:8999/163 HTTP/1.1
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAAgIAAAAAAAAgAAAAAAAAACAAAAA=
User-Agent: curl/7.11.2-CVS (i686-pc-cygwin) libcurl/7.11.2-CVS
OpenSSL/0.9.7d zlib/1.2.1
Host: 127.0.0.1:8999
Pragma: no-cache
Accept: */*

< HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
< Via:1.1 QE-COBPROXY
< Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADAAAAACAgAAbqbfCqKSHXEAAAAAAAAAAAAAAAAwAAAA
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 0
Segmentation fault (core dumped)

The actual URL doesn't matter, so when it's
http://127.0.0.1:8999/test999, it still fails, whether sws is running or
not.

The clincher here is that if I use an https URL, the crash goes away:

$ ../src/curl --verbose https://127.0.0.1:8999/163 --proxy
http://a.real.ntlm.proxy --proxy-user foo:bar --proxy-ntlm -F
"dummy=value"
* About to connect() to 10.10.191.2 port 8080
* Connected to 10.10.191.2 (10.10.191.2) port 8080
* Establish HTTP proxy tunnel to 127.0.0.1:8999
* Proxy auth using NTLM with user 'foo'
< HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
< Via:1.1 QE-COBPROXY
< Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAAAAAAADAAAAACAgAAaVeYT9YgtMUAAAAAAAAAAAAAAAAwAAAA
< Connection: Keep-Alive
< Proxy-Connection: Keep-Alive
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 0
<
* Proxy auth using NTLM with user 'foo'
< HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy
 service is denied. )
< Via:1.1 QE-COBPROXY
< Proxy-Authenticate: NTLM
* Authentication problem. Ignoring this.
< Proxy-Authenticate: Kerberos
< Proxy-Authenticate: Negotiate
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 3778
<
* Received HTTP code 407 from proxy after CONNECT
* Closing connection #0
curl: (56) Received HTTP code 407 from proxy after CONNECT

I figured it would be a good test case to have around. Maybe someone
can get enough useful info from what's here to make one, or confirm that
I've got it right. Here's the output from runtests.pl:

$ ./runtests.pl 170
********* System characteristics ********
* curl 7.11.2-CVS (i686-pc-cygwin)
* libcurl/7.11.2-CVS OpenSSL/0.9.7d zlib/1.2.1
* Host: DByron
* System: CYGWIN_NT-5.1 DByron 1.5.9(0.112/4/2) 2004-03-18 23:05 i686
unknown unknown Cygwin
* Server SSL: ON
* libcurl SSL: ON
* libcurl debug: ON
* valgrind: OFF
*****************************************
test 170...[HTTP POST with --proxy-ntlm and no SSL]
Signal 11
 protocol OKcurl returned 139, 56 was expected
 error FAILED

 - abort tests
TESTDONE: 0 tests out of 1 reported OK: 0%
TESTFAIL: These test cases failed: 170
TESTDONE: 1 tests were considered.

Hope this helps.

-DB