- James Bursa posted a patch to the mailing list that fixed a problem with

no_proxy which made it not skip the proxy if the URL entered contained a
  user name. I added test case 1101 to verify.

CHANGES

@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel Stenberg (17 May 2009)
+- James Bursa posted a patch to the mailing list that fixed a problem with
+  no_proxy which made it not skip the proxy if the URL entered contained a
+  user name. I added test case 1101 to verify.
+
 Daniel Stenberg (11 May 2009)
 - Balint Szilakszi reported a memory leak when libcurl did gzip decompression
   of streams that had some parts (legitimately) missing. We now provide and use

RELEASE-NOTES

@@ -47,6 +47,7 @@ This release includes the following bugfixes:
  o POST, NTLM and following a redirect hang
  o libcurl+NSS endless loop on incorrect password for private key
  o gzip decompression memory leak
+ o no_proxy flaw with user name in URL
 
 This release includes the following known bugs:
 
@@ -61,6 +62,6 @@ advice from friends like these:
  Pramod Sharma, Gisle Vanem, Lenaic Lefever, Rainer Koenig, Sven Wegener,
  Tim Chen, Constantine Sapuntzakis, David McCreedy, Michael Smith,
  Colin Watson, Ebenezer Ikonne, Laurent Rabret, Michael Cronenworth,
- Balint Szilakszi
+ Balint Szilakszi, James Bursa
 
         Thanks! (and sorry if I forgot to mention someone)

lib/url.c

@@ -4316,6 +4316,44 @@ static CURLcode create_conn(struct SessionHandle *data,
       return result;
   }
 
+  /*************************************************************
+   * No protocol part in URL was used, add it!
+   *************************************************************/
+  if(conn->protocol&PROT_MISSING) {
+    /* We're guessing prefixes here and if we're told to use a proxy or if
+       we're gonna follow a Location: later or... then we need the protocol
+       part added so that we have a valid URL. */
+    char *reurl;
+
+    reurl = aprintf("%s://%s", conn->protostr, data->change.url);
+
+    if(!reurl) {
+      Curl_safefree(proxy);
+      return CURLE_OUT_OF_MEMORY;
+    }
+
+    data->change.url = reurl;
+    data->change.url_alloc = TRUE; /* free this later */
+    conn->protocol &= ~PROT_MISSING; /* switch that one off again */
+  }
+
+  /*************************************************************
+   * Setup internals depending on protocol
+   *************************************************************/
+  result = setup_connection_internals(data, conn);
+  if(result != CURLE_OK) {
+    Curl_safefree(proxy);
+    return result;
+  }
+
+  /*************************************************************
+   * Parse a user name and password in the URL and strip it out
+   * of the host name
+   *************************************************************/
+  result = parse_url_userpass(data, conn, user, passwd);
+  if(result != CURLE_OK)
+    return result;
+
 #ifndef CURL_DISABLE_PROXY
   /*************************************************************
    * Extract the user and password from the authentication string
@@ -4371,37 +4409,6 @@ static CURLcode create_conn(struct SessionHandle *data,
   }
 #endif /* CURL_DISABLE_PROXY */
 
-  /*************************************************************
-   * No protocol part in URL was used, add it!
-   *************************************************************/
-  if(conn->protocol&PROT_MISSING) {
-    /* We're guessing prefixes here and if we're told to use a proxy or if
-       we're gonna follow a Location: later or... then we need the protocol
-       part added so that we have a valid URL. */
-    char *reurl;
-
-    reurl = aprintf("%s://%s", conn->protostr, data->change.url);
-
-    if(!reurl) {
-      Curl_safefree(proxy);
-      return CURLE_OUT_OF_MEMORY;
-    }
-
-    data->change.url = reurl;
-    data->change.url_alloc = TRUE; /* free this later */
-    conn->protocol &= ~PROT_MISSING; /* switch that one off again */
-  }
-
-  /*************************************************************
-   * Setup internals depending on protocol
-   *************************************************************/
-  result = setup_connection_internals(data, conn);
-  if(result != CURLE_OK) {
-    Curl_safefree(proxy);
-    return result;
-  }
-
-
 #ifndef CURL_DISABLE_PROXY
   /***********************************************************************
    * If this is supposed to use a proxy, we need to figure out the proxy
@@ -4462,14 +4469,6 @@ static CURLcode create_conn(struct SessionHandle *data,
   if((conn->protocol&PROT_SSL) && conn->bits.httpproxy)
     conn->bits.tunnel_proxy = TRUE;
 
-  /*************************************************************
-   * Parse a user name and password in the URL and strip it out
-   * of the host name
-   *************************************************************/
-  result = parse_url_userpass(data, conn, user, passwd);
-  if(result != CURLE_OK)
-    return result;
-
   /*************************************************************
    * Figure out the remote port number and fix it in the URL
    *************************************************************/

tests/data/Makefile.am

@@ -62,7 +62,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46	   \
  test635 test636 test637 test558 test559 test1086 test1087 test1088        \
  test1089 test1090 test1091 test1092 test1093 test1094 test1095 test1096   \
  test1097 test560 test561 test1098 test1099 test562 test563 test1100       \
- test564
+ test564 test1101
 
 filecheck:
 	@mkdir test-place; \

tests/data/test1101

@@ -0,0 +1,53 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+NO_PROXY
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Content-Length: 4
+Content-Type: text/html
+
+boo
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+NO_PROXY test, with user name in URL
+ </name>
+
+<setenv>
+no_proxy=%HOSTIP
+http_proxy=http://non-existing-host.haxx.se:3128/
+</setenv>
+ <command>
+http://user:secret@%HOSTIP:%HTTPPORT/gimme/1101
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /gimme/1101 HTTP/1.1
+Authorization: Basic dXNlcjpzZWNyZXQ=
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>