Security issue with HTTP_PROXY

curl is at curl.haxx.se

Brought to you by: bagder, captain-caveman, dfandrich, linusnielsen, and 2 others

This project can now be found here.

#66 Security issue with HTTP_PROXY

Status: closed-fixed

Owner: Daniel Stenberg

Labels: libcurl (356)

Priority: 7

Updated: 2013-06-21

Created: 2001-04-11

Creator: Cris Bailiff

Private: No

Curl/libcurl apparently checks HTTP_PROXY for proxy
information for requests.

When curl is used in a webserver application
environment (cgi or php), this environment variable can
be controlled by the web server user by setting the
http header 'Proxy:' to some value.

This can cause 'internal' http/ftp requests to be
arbitrarily redirected by any external attacker.

This issue was recently uncovered in LWP, the perl
library for http, which checks http_proxy in a
case-insensitive manner.

Curl should only check the lower case version of this
variable. This might not be enough on NT.

Discussion

Daniel Stenberg - 2001-04-11

priority: 5 --> 7

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Stenberg - 2001-04-11

Logged In: YES
user_id=1110

I understand perfectly.

I just committed a fix that prevents libcurl from trying to
use HTTP_PROXY in the uppercase version.

Thanks for reporting!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Security issue with HTTP_PROXY

curl is at curl.haxx.se

Searches

Help

#66 Security issue with HTTP_PROXY

Discussion