Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using a blank username in the URL results in (nil) being encoded into the Authorization header #7819

Closed
rick-a-lane-ii opened this issue Oct 6, 2021 · 1 comment

Comments

@rick-a-lane-ii
Copy link

@rick-a-lane-ii rick-a-lane-ii commented Oct 6, 2021

I did this

curl -I -vvv http://:example@www.example.com

Authorization: Basic KG5pbCk6ZXhhbXBsZQ==

echo 'KG5pbCk6ZXhhbXBsZQ==' | base64 -d

(nil):example

I expected the following

Authorization: Basic OmV4YW1wbGU=

echo 'OmV4YW1wbGU=' | base64 -d

:example

curl/libcurl version

curl 7.79.1 (x86_64-pc-linux-musl) libcurl/7.79.1 OpenSSL/1.1.1l zlib/1.2.11 libssh2/1.9.0 nghttp2/1.42.0
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

curl 7.79.1 (x86_64-apple-darwin20.4.0) libcurl/7.79.1 (SecureTransport) OpenSSL/1.1.1l zlib/1.2.11 brotli/1.0.9 zstd/1.5.0 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.45.1 librtmp/2.3 OpenLDAP/2.5.7
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd

operating system

Linux redacted 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Darwin redacted 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21 PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64

@rick-a-lane-ii
Copy link
Author

@rick-a-lane-ii rick-a-lane-ii commented Oct 6, 2021

The following works as expected, and currently produces inconsistent results when compared against the above:

curl -I -vvv -u :example http://www.example.com

@bagder bagder self-assigned this Oct 6, 2021
bagder added a commit that referenced this issue Oct 6, 2021
Add test 367 to verify.

Reported-by: Rick Lane
Fixes #7819
Closes #
@bagder bagder closed this in 87907d5 Oct 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

2 participants