cURL

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1381 Problem with proxy CONNECT using wrong auth then re-used

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Tue, 29 Jul 2014 22:25:19 +0000

I'm struggling with the test case still, but I've been playing with this fix. It attempts to close the connection to a proxy if CONNECT fails and auth negotiation is not ongoing.

~~~~~~
diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 17f1c00..5343eb7 100644
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -552,14 +552,20 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
   if(200 != data->req.httpcode) {
     if(closeConnection && data->req.newurl) {
       conn->bits.proxy_connect_closed = TRUE;
       infof(data, "Connect me again please\n");
     }
- else if(data->req.newurl) {
- /* this won't be used anymore for the CONNECT so free it now */
- free(data->req.newurl);
- data->req.newurl = NULL;
+ else {
+ if(data->req.newurl) {
+ /* this won't be used anymore for the CONNECT so free it now */
+ free(data->req.newurl);
+ data->req.newurl = NULL;
+ }
+ /* failure, close this connection to avoid re-use */
+ connclose(conn, "proxy CONNECT failure");
+ Curl_closesocket(conn, conn->sock[sockindex]);
+ conn->sock[sockindex] = CURL_SOCKET_BAD;
     }
 
     /* to back to init state */
     conn->tunnel_state[sockindex] = TUNNEL_INIT;
 

~~~~~~

---
** [bugs:#1381] Problem with proxy CONNECT using wrong auth then re-used**
**Status:** open-confirmed
**Created:** Wed Jun 11, 2014 02:07 PM UTC by Marcel Raad
**Last Updated:** Wed Jul 23, 2014 12:00 PM UTC
**Owner:** Daniel Stenberg
I'm using libcurl 7.37.0 (built with SSPI on Windows) and I'm trying to establish a proxy tunnel through a squid 3.2.11 proxy, which sends "Connection: Keep-Alive" with 407 responses. Both CURLOPT_HTTPPROXYTUNNEL and CURLOPT_CONNECT_ONLY are set to 1. When I use the easy API, everything works as expected, and also when I use a proxy that sends "(Proxy-)Connection: Close" with 407 responses, as the connection is not reused in this case.
But when I use the multi API and I don't submit valid proxy credentials for the first transfer, the connection gets reused for the second transfer (now with valid credentials). Because the first socket is then still valid in Curl_setup_conn, multi_runsingle switches immediately from CURLM_STATE_CONNECT to CURLM_STATE_DO, skipping proxy authentication, and then immediately to CURLM_STATE_DONE because of the connect_only option. libcurl then tells me that the connection was successful, but I cannot use the socket as the CONNECT still has not succeeded because of the missing proxy authentication.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2014-07-30

These mail archives are generated by hypermail.

donate! Page updated March 21, 2014.
web site info

File upload with ASP.NET