Infinitive loop of requests with HTTP proxy in certain conditions

[danielkurecka]

I did this

Recently I came up to a few public proxies that were returning 407 status code with Proxy-Authenticate response header while also missing final CRLF to indicate end-of-headers. Curl with such a proxy will repeat the CONNECT request indefinitely.

Here is how to reproduce it:

#!/usr/bin/env python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('localhost', 8787)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(server_address)
s.listen(1)

while True:
    connection, client_address = s.accept()
    data = connection.recv(1024)
    connection.sendall(b'HTTP/1.1 407 Authentication Required\r\n')
    connection.sendall(b'Proxy-Authenticate: Basic\r\n')
    # with this line it will work fine
    #connection.sendall(b'\r\n')
    connection.close()

curl -v -x http://localhost:8787 https://example.com

I expected the following

It should end up with some error instead.

curl/libcurl version

curl 7.75.0 (x86_64-pc-linux-musl) libcurl/7.75.0 OpenSSL/1.1.1k zlib/1.2.11 libssh2/1.9.0 nghttp2/1.41.0
Release-Date: 2021-02-03
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

operating system

Linux flanker 5.4.0-70-generic 78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

[jay]

Probably there should be a check that all the headers were received before deciding whether to retry the request due to auth.