From: Willy Tarreau <w@1wt.eu>
Date: Thu, 7 May 2020 17:10:15 +0000 (+0200)
Subject: BUG/MINOR: http-ana: fix NTLM response parsing again
X-Git-Tag: v2.2-dev8~107
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=49a1d28fcb69b87317ab7ae7f26505c69ec927d9;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http-ana: fix NTLM response parsing again

Commit 9df188695f ("BUG/MEDIUM: http-ana: Handle NTLM messages correctly.")
tried to address an HTTP-reuse issue reported in github issue #511 by making
sure we properly detect extended NTLM responses, but made the match case-
sensitive while it's a token so it's case insensitive.

This should be backported to the same versions as the commit above.
---

diff --git a/src/http_ana.c b/src/http_ana.c
index d475cd24de..79124e7567 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -1824,7 +1824,7 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit)
 		ctx.blk = NULL;
 		while (http_find_header(htx, hdr, &ctx, 0)) {
 			if ((ctx.value.len >= 9 && word_match(ctx.value.ptr, ctx.value.len, "Negotiate", 9)) ||
-			    (ctx.value.len >= 4 && !memcmp(ctx.value.ptr, "NTLM", 4))) {
+			    (ctx.value.len >= 4 && strncasecmp(ctx.value.ptr, "NTLM", 4) == 0)) {
 				sess->flags |= SESS_FL_PREFER_LAST;
 				srv_conn->flags |= CO_FL_PRIVATE;
 			}