From 949ff9715a55886ab13fd6cb59d4b4043d457793 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 23 Oct 2007 21:00:51 +0000
Subject: [PATCH] Bug report #1812190
 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out that libcurl tried
 to re-use connections a bit too much when using non-SSL protocols tunneled
 over a HTTP proxy.

---
 CHANGES       |  5 +++++
 RELEASE-NOTES |  2 ++
 TODO-RELEASE  |  5 +----
 lib/url.c     | 18 +++++++++++-------
 4 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index bc798bb..89855d7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel S (23 October 2007)
+- Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
+  that libcurl tried to re-use connections a bit too much when using non-SSL
+  protocols tunneled over a HTTP proxy.
+
 Daniel S (22 October 2007)
 - Michal Marek forwarded the bug report
   https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cbc24b8..65d2360 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -41,6 +41,8 @@ This release includes the following bugfixes:
  o specifying a proxy with a trailing slash didn't work (unless it also
    contained a port number)
  o redirect from HTTP to FTP memory problem
+ o re-used connections a bit too much when using non-SSL protocols tunneled
+   over a HTTP proxy
 
 This release includes the following known bugs:
 
diff --git a/TODO-RELEASE b/TODO-RELEASE
index 10ca2ed..563d037 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -1,7 +1,4 @@
-To be addressed before 7.17.1 (planned release: November 2007)
+To be addressed before 7.17.1 (planned release: late October 2007)
 =============================
 
-104 - [ curl-Bugs-1812190 ] libcurl can use wrong connection, when using
-      https
-
 106 - 
diff --git a/lib/url.c b/lib/url.c
index 1fc11f1..9d6be53 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2399,14 +2399,18 @@ ConnectionExists(struct SessionHandle *data,
       /* don't do mixed SSL and non-SSL connections */
       continue;
 
-    if(!needle->bits.httpproxy || needle->protocol&PROT_SSL) {
-      /* The requested connection does not use a HTTP proxy or it
-         uses SSL. */
+    if(needle->bits.proxy != check->bits.proxy)
+      /* don't do mixed proxy and non-proxy connections */
+      continue;
 
-      if(!(needle->protocol&PROT_SSL) && check->bits.httpproxy)
-        /* we don't do SSL but the cached connection has a proxy,
-           then don't match this */
-        continue;
+    if(!needle->bits.httpproxy || needle->protocol&PROT_SSL ||
+       (needle->bits.httpproxy && check->bits.httpproxy &&
+        needle->bits.tunnel_proxy && check->bits.tunnel_proxy &&
+        strequal(needle->proxy.name, check->proxy.name) &&
+        (needle->port == check->port))) {
+      /* The requested connection does not use a HTTP proxy or it uses SSL or
+         it is a non-SSL protocol tunneled over the same http proxy name and
+         port number */
 
       if(strequal(needle->protostr, check->protostr) &&
          strequal(needle->host.name, check->host.name) &&
-- 
2.7.4