setopt: clear proxy auth properties when switching

bagder · bagder · commit c1cfdf59acba · 2026-04-27T10:27:01.000+02:00
Verify with test 1588 Closes #21453
diff --git a/lib/setopt.c b/lib/setopt.c
@@ -49,6 +49,7 @@
 #include "curlx/strdup.h"
 #include "escape.h"
 #include "bufref.h"
+#include "vauth/vauth.h"
 
 static CURLcode setopt_set_timeout_sec(timediff_t *ptimeout_ms, long secs)
 {
@@ -1622,6 +1623,20 @@ static CURLcode cookiefile(struct Curl_easy *data, const char *ptr)
 #endif
 
 #ifndef CURL_DISABLE_PROXY
+
+static CURLcode setproxy(struct Curl_easy *data, const char *proxy)
+{
+  if((data->set.str[STRING_PROXY] && proxy) &&
+     /* there was one set, is this a new one? */
+     !strcmp(data->set.str[STRING_PROXY], proxy))
+    return CURLE_OK; /* same one as before */
+
+  Curl_auth_digest_cleanup(&data->state.proxydigest);
+  memset(&data->state.authproxy, 0, sizeof(data->state.authproxy));
+  return Curl_setstropt(&data->set.str[STRING_PROXY], proxy);
+}
+
+
 static CURLcode setopt_cptr_proxy(struct Curl_easy *data, CURLoption option,
                                   const char *ptr)
 {
@@ -1717,7 +1732,7 @@ static CURLcode setopt_cptr_proxy(struct Curl_easy *data, CURLoption option,
      * Setting it to NULL, means no proxy but allows the environment variables
      * to decide for us (if CURLOPT_PRE_PROXY setting it to NULL).
      */
-    return Curl_setstropt(&s->str[STRING_PROXY], ptr);
+    return setproxy(data, ptr);
   case CURLOPT_PRE_PROXY:
     /*
      * Set proxy server:port to use as SOCKS proxy.
diff --git a/lib/vauth/vauth.h b/lib/vauth/vauth.h
@@ -117,6 +117,7 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
 /* This is used to clean up the digest specific data */
 void Curl_auth_digest_cleanup(struct digestdata *digest);
 #else
+#define Curl_auth_digest_cleanup(x)
 #define Curl_auth_is_digest_supported()       FALSE
 #endif /* !CURL_DISABLE_DIGEST_AUTH */
 
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
@@ -209,6 +209,7 @@ test1556 test1557 test1558 test1559 test1560 test1561 test1562 test1563 \
 test1564 test1565 test1566 test1567 test1568 test1569 test1570 test1571 \
 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 \
 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 \
+test1588 \
 \
 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 \
 test1598 test1599 test1600 test1601 test1602 test1603 test1604 test1605 \
diff --git a/tests/data/test1588 b/tests/data/test1588
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+HTTP proxy
+HTTP proxy Digest auth
+multi
+</keywords>
+</info>
+
+# Server-side
+<reply>
+
+# this is returned first since we get no proxy-auth
+<data crlf="headers">
+HTTP/1.1 407 Authorization Required to proxy me my dear
+Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345"
+Content-Length: 33
+
+And you should ignore this data.
+</data>
+
+# then this is returned when we get proxy-auth
+<data1000 crlf="headers">
+HTTP/1.1 200 OK
+Content-Length: 21
+Server: no
+
+Nice proxy auth sir!
+</data1000>
+
+<datacheck crlf="headers">
+HTTP/1.1 407 Authorization Required to proxy me my dear
+Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345"
+Content-Length: 33
+
+HTTP/1.1 200 OK
+Content-Length: 21
+Server: no
+
+Nice proxy auth sir!
+HTTP/1.1 407 Authorization Required to proxy me my dear
+Proxy-Authenticate: Digest realm="weirdorealm", nonce="12345"
+Content-Length: 33
+
+HTTP/1.1 200 OK
+Content-Length: 21
+Server: no
+
+Nice proxy auth sir!
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+# tool is what to use instead of 'curl'
+<tool>
+lib%TESTNUMBER
+</tool>
+<features>
+!SSPI
+crypto
+proxy
+digest
+</features>
+<name>
+HTTP proxy auth Digest, then change proxy and do it again
+</name>
+<command>
+http://test.remote.example.com/path/%TESTNUMBER %HOSTIP %HTTPPORT silly:person custom.set.host.name
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<protocol crlf="headers">
+GET http://test.remote.example.com/path/1588 HTTP/1.1
+Host: test.remote.example.com
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://test.remote.example.com/path/1588 HTTP/1.1
+Host: test.remote.example.com
+Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="/path/1588", response="d0b2f000c7e3fca24452b5810713404a"
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://test.remote.example.com/path/1588 HTTP/1.1
+Host: test.remote.example.com
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://test.remote.example.com/path/1588 HTTP/1.1
+Host: test.remote.example.com
+Proxy-Authorization: Digest username="silly", realm="weirdorealm", nonce="12345", uri="/path/1588", response="d0b2f000c7e3fca24452b5810713404a"
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
@@ -96,7 +96,7 @@ TESTS_C = \
   lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c \
   lib1559.c lib1560.c                               lib1564.c lib1565.c \
   lib1567.c lib1568.c lib1569.c           lib1571.c \
-  lib1576.c lib1582.c lib1587.c \
+  lib1576.c lib1582.c lib1587.c lib1588.c \
   lib1591.c lib1592.c lib1593.c lib1594.c                     lib1597.c \
   lib1598.c lib1599.c \
   lib1662.c \
diff --git a/tests/libtest/lib1588.c b/tests/libtest/lib1588.c
@@ -0,0 +1,150 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+/*
+ * argv1 = URL
+ * argv2 = proxy host
+ * argv3 = proxy port
+ * argv4 = proxyuser:password
+ */
+
+#include "first.h"
+
+static CURLcode init1588(CURL *curl, const char *url,
+                         const char *userpwd, const char *proxy)
+{
+  CURLcode result = CURLE_OK;
+
+  res_easy_setopt(curl, CURLOPT_URL, url);
+  if(result)
+    goto init_failed;
+
+  res_easy_setopt(curl, CURLOPT_PROXY, proxy);
+  if(result)
+    goto init_failed;
+
+  res_easy_setopt(curl, CURLOPT_PROXYUSERPWD, userpwd);
+  if(result)
+    goto init_failed;
+
+  res_easy_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_DIGEST);
+  if(result)
+    goto init_failed;
+
+  res_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
+  if(result)
+    goto init_failed;
+#if 0
+  res_easy_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
+  if(result)
+    goto init_failed;
+#endif
+
+  res_easy_setopt(curl, CURLOPT_HEADER, 1L);
+  if(result)
+    goto init_failed;
+
+  return CURLE_OK; /* success */
+
+init_failed:
+  return result; /* failure */
+}
+
+static CURLcode run1588(CURL *curl, const char *url, const char *userpwd,
+                        const char *proxy)
+{
+  CURLcode result = CURLE_OK;
+
+  result = init1588(curl, url, userpwd, proxy);
+  if(result)
+    return result;
+
+  return curl_easy_perform(curl);
+}
+
+static CURLcode test_lib1588(const char *URL)
+{
+  CURLcode result = CURLE_OK;
+  CURL *curl = NULL;
+  const char *proxyuserpws = libtest_arg4;
+  struct curl_slist *host = NULL;
+  struct curl_slist *host2 = NULL;
+  char proxy1_resolve[128];
+  char proxy2_resolve[128];
+  char proxy1_connect[128];
+  char proxy2_connect[128];
+
+  if(test_argc < 3)
+    return TEST_ERR_MAJOR_BAD;
+
+  curl_msnprintf(proxy1_resolve, sizeof(proxy1_resolve),
+                 "firstproxy:%s:%s", libtest_arg3, libtest_arg2);
+  curl_msnprintf(proxy2_resolve, sizeof(proxy2_resolve),
+                 "secondproxy:%s:%s", libtest_arg3, libtest_arg2);
+
+  /* we connect to the fake host name but the right port number */
+  curl_msnprintf(proxy1_connect, sizeof(proxy1_connect),
+                 "firstproxy:%s", libtest_arg3);
+  curl_msnprintf(proxy2_connect, sizeof(proxy2_connect),
+                 "secondproxy:%s", libtest_arg3);
+
+  res_global_init(CURL_GLOBAL_ALL);
+  if(result)
+    return result;
+
+  curl = curl_easy_init();
+  if(!curl) {
+    curl_mfprintf(stderr, "curl_easy_init() failed\n");
+    curl_global_cleanup();
+    return TEST_ERR_MAJOR_BAD;
+  }
+
+  host = curl_slist_append(NULL, proxy1_resolve);
+  if(!host)
+    goto test_cleanup;
+  host2 = curl_slist_append(host, proxy2_resolve);
+  if(!host2)
+    goto test_cleanup;
+  host = host2;
+
+  start_test_timing();
+
+  easy_setopt(curl, CURLOPT_RESOLVE, host);
+
+  result = run1588(curl, URL, proxyuserpws, proxy1_connect);
+  if(result)
+    goto test_cleanup;
+
+  curl_mfprintf(stderr, "lib1588: now we do the request again\n");
+
+  result = run1588(curl, URL, proxyuserpws, proxy2_connect);
+
+test_cleanup:
+
+  /* proper cleanup sequence - type PB */
+
+  curl_easy_cleanup(curl);
+  curl_global_cleanup();
+  curl_slist_free_all(host);
+  return result;
+}

Original file line number	Diff line number	Diff line change
`@@ -209,6 +209,7 @@ test1556 test1557 test1558 test1559 test1560 test1561 test1562 test1563 \`
`209`	`209`	`test1564 test1565 test1566 test1567 test1568 test1569 test1570 test1571 \`
`210`	`210`	`test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 \`
`211`	`211`	`test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 \`
	`212`	`+test1588 \`
`212`	`213`	`\`
`213`	`214`	`test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 \`
`214`	`215`	`test1598 test1599 test1600 test1601 test1602 test1603 test1604 test1605 \`