From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 8 Mar 2013 09:32:25 +0000 (-0700)
Subject: Fix authentication headers sent on peer digest requests
X-Git-Tag: SQUID_3_2_9~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=52e1d9be4bc85296b65fc756e2902e2b50cec3e7;p=thirdparty%2Fsquid.git

Fix authentication headers sent on peer digest requests

Cache digest fetches have been sending the cache_peer login= option
value without sanitizing it for special-case values used internally
by Squid. This causes authentication failure on peers which are checking
user credentials.
---

diff --git a/src/peer_digest.cc b/src/peer_digest.cc
index 973a1af4b6..0304e3da87 100644
--- a/src/peer_digest.cc
+++ b/src/peer_digest.cc
@@ -343,9 +343,14 @@ peerDigestRequest(PeerDigest * pd)
 
     req->header.putStr(HDR_ACCEPT, "text/html");
 
-    if (p->login)
+    if (p->login &&
+            p->login[0] != '*' &&
+            strcmp(p->login, "PASS") != 0 &&
+            strcmp(p->login, "PASSTHRU") != 0 &&
+            strcmp(p->login, "NEGOTIATE") != 0 &&
+            strcmp(p->login, "PROXYPASS") != 0) {
         xstrncpy(req->login, p->login, MAX_LOGIN_SZ);
-
+    }
     /* create fetch state structure */
     CBDATA_INIT_TYPE(DigestFetchState);