romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-30 06:17:28 +03:00
Code Issues Projects Releases Packages Wiki Activity

setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine

Browse source 
Prevent the previous memory leak. Adjusted test 590 to reproduce the
problem then verify the fix.

Fixes #16599
Reported-by: Catena cyber
Closes #16601
This commit is contained in:
Daniel Stenberg 2025-03-06 23:40:17 +01:00
parent f1662ae97b
commit 4e8d621bd8
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
2 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/setopt.c
View file

@ -2145,12 +2145,16 @@ static CURLcode setopt_cptr(struct Curl_easy *data, CURLoption option,
result = setstropt_userpwd(ptr, &u, &p);
/* URL decode the components */
if(!result && u)
if(!result && u) {
Curl_safefree(data->set.str[STRING_PROXYUSERNAME]);
result = Curl_urldecode(u, 0, &data->set.str[STRING_PROXYUSERNAME], NULL,
REJECT_ZERO);
if(!result && p)
}
if(!result && p) {
Curl_safefree(data->set.str[STRING_PROXYPASSWORD]);
result = Curl_urldecode(p, 0, &data->set.str[STRING_PROXYPASSWORD], NULL,
REJECT_ZERO);
}
free(u);
free(p);
}

4
tests/libtest/lib590.c
View file

@ -61,6 +61,10 @@ CURLcode test(char *URL)
test_setopt(curl, CURLOPT_PROXYAUTH,
(long) (CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_NTLM));
test_setopt(curl, CURLOPT_PROXY, libtest_arg2); /* set in first.c */
/* set the name + password twice to test that the API is fine with it */
test_setopt(curl, CURLOPT_PROXYUSERNAME, "me");
test_setopt(curl, CURLOPT_PROXYPASSWORD, "password");
test_setopt(curl, CURLOPT_PROXYUSERPWD, "me:password");
res = curl_easy_perform(curl);