Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Infinitive loop of requests with HTTP proxy in certain conditions #6828

Closed
danielkurecka opened this issue Apr 1, 2021 · 1 comment
Closed

Comments

@danielkurecka
Copy link

I did this

Recently I came up to a few public proxies that were returning 407 status code with Proxy-Authenticate response header while also missing final CRLF to indicate end-of-headers. Curl with such a proxy will repeat the CONNECT request indefinitely.

Here is how to reproduce it:

#!/usr/bin/env python
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('localhost', 8787)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(server_address)
s.listen(1)

while True:
    connection, client_address = s.accept()
    data = connection.recv(1024)
    connection.sendall(b'HTTP/1.1 407 Authentication Required\r\n')
    connection.sendall(b'Proxy-Authenticate: Basic\r\n')
    # with this line it will work fine
    #connection.sendall(b'\r\n')
    connection.close()

curl -v -x http://localhost:8787 https://example.com

I expected the following

It should end up with some error instead.

curl/libcurl version

curl 7.75.0 (x86_64-pc-linux-musl) libcurl/7.75.0 OpenSSL/1.1.1k zlib/1.2.11 libssh2/1.9.0 nghttp2/1.41.0
Release-Date: 2021-02-03
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

operating system

Linux flanker 5.4.0-70-generic 78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

@jay
Copy link
Member

jay commented Apr 1, 2021

Probably there should be a check that all the headers were received before deciding whether to retry the request due to auth.

@bagder bagder self-assigned this Apr 5, 2021
bagder added a commit that referenced this issue Apr 5, 2021
... to fix the retry-loop.

Reported-by: Daniel Kurečka
Fixes #6828
Closes #[fill in]
bagder added a commit that referenced this issue Apr 5, 2021
... to fix the retry-loop.

Add test 718 to verify.

Reported-by: Daniel Kurečka
Fixes #6828
Closes #6850
@bagder bagder closed this as completed in 605aa03 Apr 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging a pull request may close this issue.

3 participants