From: Amos Jeffries <squid3@treenet.co.nz>
Date: Wed, 17 Aug 2016 13:34:13 +0000 (+1200)
Subject: Fix logic error in rev.13930
X-Git-Tag: SQUID_3_5_21~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c0593faf5b03a8b5625494d15702553edd41617;p=thirdparty%2Fsquid.git

Fix logic error in rev.13930

 Using !=0 on both string compares means any login= value will permit
 40x responses through. Only PASS and PASSTHRU should be doing that.

 Detected by Coverity Scan. Issue 1364711
---

diff --git a/src/tunnel.cc b/src/tunnel.cc
index 43e74dd54f..73d64115af 100644
--- a/src/tunnel.cc
+++ b/src/tunnel.cc
@@ -476,7 +476,7 @@ TunnelStateData::handleConnectResponse(const size_t chunkSize)
 
     // we need to relay the 401/407 responses when login=PASS(THRU)
     const char *pwd = server.conn->getPeer()->login;
-    const bool relay = pwd && (strcmp(pwd, "PASS") != 0 || strcmp(pwd, "PASSTHRU") != 0) &&
+    const bool relay = pwd && (strcmp(pwd, "PASS") == 0 || strcmp(pwd, "PASSTHRU") == 0) &&
                        (*status_ptr == Http::scProxyAuthenticationRequired ||
                         *status_ptr == Http::scUnauthorized);