BUGFIX proxy_auth patch with external programs

From: Arjan de Vet <[email protected]>
Date: Sun, 7 Jun 1998 22:36:45 +0200 (CEST)

Some users have reported (and I found out myself too) that some browsers send
invalid Proxy-Authorization headers which can crash Squid.

The bugfix is attached below.

A new proxy_auth patch for 1.1.20 including this bugfix can be found at:

        http://www.iae.nl/users/devet/squid/proxy_auth/

Arjan

-- 
Arjan de Vet, Eindhoven, The Netherlands              <Arjan.deVet@adv.iae.nl>
URL: http://www.iae.nl/users/devet/           for PGP key: finger [email protected]
--- client_side.c.orig	Sun Jun  7 22:26:37 1998
+++ client_side.c	Sun Jun  7 22:27:18 1998
@@ -171,12 +171,20 @@
 		     ICP_IDENT_SZ);
 	    xstrncpy(sent_user, clear_userandpw, ICP_IDENT_SZ);
 	    xfree(clear_userandpw);
-	    s = strstr(sent_user, ":");
-	    *s = '\0'; s++;
-	    xstrncpy(icpState->ident.ident, sent_user, ICP_IDENT_SZ);
-	    /* we need this in authenticate.c */
-	    xstrncpy(icpState->ident.passwd, s, ICP_IDENT_SZ);
-	    proxy_auth_hdr = 1;
+	    if ((s = strstr(sent_user, ":")) != NULL) {
+		*s = '\0'; s++;
+		xstrncpy(icpState->ident.ident, sent_user, ICP_IDENT_SZ);
+		/* we need this in authenticate.c */
+		xstrncpy(icpState->ident.passwd, s, ICP_IDENT_SZ);
+		proxy_auth_hdr = 1;
+	    } else {
+		/* invalid Basic proxy authorization */
+		s = mime_get_header(icpState->request_hdr,
+				    "Proxy-authorization:");
+		debug(33, 0, "clientAccessCheck: invalid proxy authorization header: %s\n",
+		      s);
+		xstrncpy(icpState->aclChecklist->auth.basic, "-:-", ICP_IDENT_SZ);
+	    }
 	}
     }
 #endif /* USE_PROXY_AUTH */
Received on Sun Jun 07 1998 - 13:38:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:38 MST