Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Infinitive loop of requests with HTTP proxy in certain conditions #6828

Closed
danielkurecka opened this issue Apr 1, 2021 · 1 comment
Closed

Infinitive loop of requests with HTTP proxy in certain conditions #6828

danielkurecka opened this issue Apr 1, 2021 · 1 comment
Assignees
@bagder
Labels
connecting & proxies HTTP

Comments

@danielkurecka
Copy link

@danielkurecka danielkurecka commented Apr 1, 2021

I did this

Recently I came up to a few public proxies that were returning 407 status code with Proxy-Authenticate response header while also missing final CRLF to indicate end-of-headers. Curl with such a proxy will repeat the CONNECT request indefinitely.

Here is how to reproduce it:

#!/usr/bin/env python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('localhost', 8787)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(server_address)
s.listen(1)

while True:
    connection, client_address = s.accept()
    data = connection.recv(1024)
    connection.sendall(b'HTTP/1.1 407 Authentication Required\r\n')
    connection.sendall(b'Proxy-Authenticate: Basic\r\n')
    # with this line it will work fine
    #connection.sendall(b'\r\n')
    connection.close()

curl -v -x http://localhost:8787 https://example.com

I expected the following

It should end up with some error instead.

curl/libcurl version

curl 7.75.0 (x86_64-pc-linux-musl) libcurl/7.75.0 OpenSSL/1.1.1k zlib/1.2.11 libssh2/1.9.0 nghttp2/1.41.0
Release-Date: 2021-02-03
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

operating system

Linux flanker 5.4.0-70-generic 78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
@jay
Copy link
Member

@jay jay commented Apr 1, 2021
edited

Probably there should be a check that all the headers were received before deciding whether to retry the request due to auth.

@bagder bagder self-assigned this Apr 5, 2021
bagder added a commit that referenced this issue Apr 5, 2021
@bagder
http_proxy: only loop on 407 + close if we have credentials
195faec 
... to fix the retry-loop.

Reported-by: Daniel Kurečka
Fixes #6828
Closes #[fill in]
@bagder bagder mentioned this issue Apr 5, 2021
Closed
bagder added a commit that referenced this issue Apr 5, 2021
@bagder
http_proxy: only loop on 407 + close if we have credentials
5ce44fd 
... to fix the retry-loop.

Add test 718 to verify.

Reported-by: Daniel Kurečka
Fixes #6828
Closes #6850
@bagder bagder closed this as completed in 605aa03 Apr 5, 2021
@Totktonada Totktonada mentioned this issue Apr 21, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bagder bagder

Labels
connecting & proxies HTTP
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

http_proxy: only loop on 407 + close if we have credentials curl/curl
3 participants
@bagder @jay @danielkurecka