cURL does not pass proxy passwords greater than 255 characters to http proxies #5448
Assignees
Labels
Comments
|
Yes and no! If you'd try that exact program with a current libcurl version, you would not have this problem. As when providing the credentials within the proxy string has no such length restriction since a while back (I believe since we started parsing the proxy string with the URL parser even internally, in 7.65.0). However, we still had such a restriction on the HTTP proxy auth credentials if they were specified separately with -U, so there was still a bug in there. PR coming up with a fix for this. |
bagder
added a commit
that referenced
this issue
May 25, 2020
They're only limited by the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448
|
Thanks I looked through the issues, but didn't think to look through the pull requests for any relevant fixes. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I did this
export http_proxy=http://will:01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789@proxyserver:12000
curl -v sydonis.com > /dev/null
I expected the following
I expected cURL to send the entire username/password string to the proxy in the Proxy-Authorization header. Instead cURL appears to send just the username and a colon:
Proxy-Authorization: Basic d2lsbDo=
curl/libcurl version
curl 7.64.0
operating system
Debian 10, using a newer kernel: 5.5.0-0.bpo.2 (5.5.17-1~bpo10+1)
The text was updated successfully, but these errors were encountered: