cURL / Mailing Lists / curl-library / Single Mail

curl-library

Reproducible crash in Curl-7.21.7 (on windows)

From: Christian Hägele <haegele_at_teamviewer.com>
Date: Wed, 29 Jun 2011 07:32:29 +0000 (UTC)

Hello,

I found a regression in Curl-7.21.7 (We used 7.21.2 before):
When the Http-Server responds with the following header:

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NEGOTIATE
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm="Active_Directory"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-CS-5B2C6A053E90D768=2; Path=/
Connection: close
Content-Length: 813

curl and libcurl crashes. This is reproducible with curl and libcurl build on
windows with SSPI support. I don't use a proxy.
I just call curl.exe <ipOfServer>.

This happens because in http_negotiate_sspi.c (line 69) it tries to read the
proxy-name, but there is no proxy-name set (because I don't use any proxy)
and thus it crashes because it tries to read at location 0x0.

It seems that this always happens when a server returns Http-code 407 for some
reason. In that case curl assumes that there is a proxy involved which might be
wrong.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-06-29