Some users have reported (and I found out myself too) that some browsers send
invalid Proxy-Authorization headers which can crash Squid.
The bugfix is attached below.
A new proxy_auth patch for 1.1.20 including this bugfix can be found at:
http://www.iae.nl/users/devet/squid/proxy_auth/
Arjan
-- Arjan de Vet, Eindhoven, The Netherlands <Arjan.deVet@adv.iae.nl> URL: http://www.iae.nl/users/devet/ for PGP key: finger [email protected] --- client_side.c.orig Sun Jun 7 22:26:37 1998 +++ client_side.c Sun Jun 7 22:27:18 1998 @@ -171,12 +171,20 @@ ICP_IDENT_SZ); xstrncpy(sent_user, clear_userandpw, ICP_IDENT_SZ); xfree(clear_userandpw); - s = strstr(sent_user, ":"); - *s = '\0'; s++; - xstrncpy(icpState->ident.ident, sent_user, ICP_IDENT_SZ); - /* we need this in authenticate.c */ - xstrncpy(icpState->ident.passwd, s, ICP_IDENT_SZ); - proxy_auth_hdr = 1; + if ((s = strstr(sent_user, ":")) != NULL) { + *s = '\0'; s++; + xstrncpy(icpState->ident.ident, sent_user, ICP_IDENT_SZ); + /* we need this in authenticate.c */ + xstrncpy(icpState->ident.passwd, s, ICP_IDENT_SZ); + proxy_auth_hdr = 1; + } else { + /* invalid Basic proxy authorization */ + s = mime_get_header(icpState->request_hdr, + "Proxy-authorization:"); + debug(33, 0, "clientAccessCheck: invalid proxy authorization header: %s\n", + s); + xstrncpy(icpState->aclChecklist->auth.basic, "-:-", ICP_IDENT_SZ); + } } } #endif /* USE_PROXY_AUTH */Received on Sun Jun 07 1998 - 13:38:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:38 MST