Using !=0 on both string compares means any login= value will permit
40x responses through. Only PASS and PASSTHRU should be doing that.
Detected by Coverity Scan. Issue
1364711
// we need to relay the 401/407 responses when login=PASS(THRU)
const char *pwd = server.conn->getPeer()->login;
// we need to relay the 401/407 responses when login=PASS(THRU)
const char *pwd = server.conn->getPeer()->login;
- const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) &&
+ const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
(*status_ptr == Http::scProxyAuthenticationRequired ||
*status_ptr == Http::scUnauthorized);
(*status_ptr == Http::scProxyAuthenticationRequired ||
*status_ptr == Http::scUnauthorized);