On Thu, 22 Jan 2004, Vincent BRONNER wrote:

Thanks for your detailed reporting!

> I tried to use libcurl 7.10.8 on Linux with a SOCKS proxy that does not
> require any authentication. So I do *not* use the CURLOPT_PROXYUSERPWD
> option. And this leads to a segmentation fault in libcurl at runtime. I
> found that in "handleSock5Proxy" function in "url.c" source file, the
> pointers "proxy_name" and "proxy_password" are set to NULL when the option
> CURLOPT_PROXYUSERPWD is not used. And this function does not test these
> pointers before trying to get name and password values... Simple workaround
> : I set the CURLOPT_PROXYUSERPWD option with an empty string !

Oops. I've now added code that checks for this. I've re-arranged some code
internally, this couldn't happen before because we always set the pointers to
point to "" in case there was no user or password. Now we have them as NULL
pointers, with the added bonus that we can support zero-length names and
passwords.

I don't have any socks proxy myself and we don't have any test cases for
socks, so this kind of errors is hard to catch.

> conn->bits.proxy_user_passwd = conn->bits.proxy_user_passwd;
> I didn't go further in the analysis, but I think it should be :
> conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;

Gah! Hey, I'll buy you a beer the next time you stop by Stockholm! ;-)

This was indeed badness and not very easy to spot!

Both these errors are now fixed in CVS.

-- 
    Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
   [[ Do not send mails to this email address. They won't reach me. ]]
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn