]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
projects / thirdparty / squid.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a37d607)
Fix authentication headers sent on peer digest requests
authorAmos Jeffries <squid3@treenet.co.nz>
Sun, 3 Mar 2013 12:44:30 +0000 (05:44 -0700)
committerAmos Jeffries <squid3@treenet.co.nz>
Sun, 3 Mar 2013 12:44:30 +0000 (05:44 -0700)
Cache digest fetches have been sending the cache_peer login= option
value without sanitizing it for special-case values used internally
by Squid. This causes authentication failure on peers which are checking
user credentials.

src/peer_digest.cc patch | blob | blame | history

diff --git a/src/peer_digest.cc b/src/peer_digest.cc
index 1e723329d200c37060a7bacd1a8d3ec141b9bd30..e3792524ee468cf1c3e0ade8174a21f5c95ff6c6 100644 (file)
--- a/src/peer_digest.cc
+++ b/src/peer_digest.cc
@@ -347,9 +347,14 @@ peerDigestRequest(PeerDigest * pd)
 
     req->header.putStr(HDR_ACCEPT, "text/html");
 
-    if (p->login)
+    if (p->login &&
+            p->login[0] != '*' &&
+            strcmp(p->login, "PASS") != 0 && 
+            strcmp(p->login, "PASSTHRU") != 0 && 
+            strcmp(p->login, "NEGOTIATE") != 0 && 
+            strcmp(p->login, "PROXYPASS") != 0) {
         xstrncpy(req->login, p->login, MAX_LOGIN_SZ);
-
+    }
     /* create fetch state structure */
     CBDATA_INIT_TYPE(DigestFetchState);
 
Mirror of https://github.com/squid-cache/squid.git