Description
I did this
Recently I came up to a few public proxies that were returning 407 status code with Proxy-Authenticate response header while also missing final CRLF to indicate end-of-headers. Curl with such a proxy will repeat the CONNECT request indefinitely.
Here is how to reproduce it:
#!/usr/bin/env python
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('localhost', 8787)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(server_address)
s.listen(1)
while True:
connection, client_address = s.accept()
data = connection.recv(1024)
connection.sendall(b'HTTP/1.1 407 Authentication Required\r\n')
connection.sendall(b'Proxy-Authenticate: Basic\r\n')
# with this line it will work fine
#connection.sendall(b'\r\n')
connection.close()curl -v -x http://localhost:8787 https://example.com
I expected the following
It should end up with some error instead.
curl/libcurl version
curl 7.75.0 (x86_64-pc-linux-musl) libcurl/7.75.0 OpenSSL/1.1.1k zlib/1.2.11 libssh2/1.9.0 nghttp2/1.41.0
Release-Date: 2021-02-03
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
operating system
Linux flanker 5.4.0-70-generic 78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux