cURL does not pass proxy passwords greater than 255 characters to http proxies #5448
I did this
I expected the following
I expected cURL to send the entire username/password string to the proxy in the Proxy-Authorization header. Instead cURL appears to send just the username and a colon:
Proxy-Authorization: Basic d2lsbDo=
Debian 10, using a newer kernel: 5.5.0-0.bpo.2 (5.5.17-1~bpo10+1)
The text was updated successfully, but these errors were encountered:
Yes and no!
If you'd try that exact program with a current libcurl version, you would not have this problem. As when providing the credentials within the proxy string has no such length restriction since a while back (I believe since we started parsing the proxy string with the URL parser even internally, in 7.65.0).
However, we still had such a restriction on the HTTP proxy auth credentials if they were specified separately with -U, so there was still a bug in there. PR coming up with a fix for this.
They're only limited by the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448