RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-27 23:22:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: http-ana: Handle NTLM messages correctly.

Browse Source 
When checking www-authenticate headers, we don't want to just accept
"NTLM" as value, because the server may send "HTLM <base64 value>". Instead,
just check that it starts with NTLM.

This should be backported to 2.1, 2.0, 1.9 and 1.8.
This commit is contained in:
Olivier Houchard 2020-04-22 21:51:14 +02:00
parent b203ff6e20
commit 9df188695f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/http_ana.c
View File

@ -1824,7 +1824,7 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit)
ctx.blk = NULL;
while (http_find_header(htx, hdr, &ctx, 0)) {
if ((ctx.value.len >= 9 && word_match(ctx.value.ptr, ctx.value.len, "Negotiate", 9)) ||
(ctx.value.len >= 4 && word_match(ctx.value.ptr, ctx.value.len, "NTLM", 4))) {
(ctx.value.len >= 4 && !memcmp(ctx.value.ptr, "NTLM", 4))) {
sess->flags |= SESS_FL_PREFER_LAST;
srv_conn->flags |= CO_FL_PRIVATE;
}