From 98ace3e4e2a5db23a59d356b966b9305f472a595 Mon Sep 17 00:00:00 2001
From: Aymeric Vincent <aymericvincent@free.fr>
Date: Sun, 25 Oct 2015 19:53:30 -0700
Subject: [PATCH] Fix incorrect authentication headers on cache digest requests

  login=NEGOTIATE can have an additional parameter specified,
   like login=NEGOTIATE:xxx

One test added in rev.12714 does not take this case into account and it
will send a garbage "login:password" (== "NEGOTIATE:xxx") to its peer
when requesting a digest.

This is a workaround patch to remove the broken Authentication headers
entirely. Support for Negotiate to the peer on these digest requests is
still needed.
---
 src/peer_digest.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/peer_digest.cc b/src/peer_digest.cc
index 80ae96be51..97cfbf1ae4 100644
--- a/src/peer_digest.cc
+++ b/src/peer_digest.cc
@@ -351,7 +351,7 @@ peerDigestRequest(PeerDigest * pd)
             p->login[0] != '*' &&
             strcmp(p->login, "PASS") != 0 &&
             strcmp(p->login, "PASSTHRU") != 0 &&
-            strcmp(p->login, "NEGOTIATE") != 0 &&
+            strncmp(p->login, "NEGOTIATE",9) != 0 &&
             strcmp(p->login, "PROXYPASS") != 0) {
         req->url.userInfo(SBuf(p->login)); // XXX: performance regression make peer login SBuf as well.
     }
-- 
2.47.3