From: Aymeric Vincent <aymericvincent@free.fr>
Date: Tue, 27 Oct 2015 22:48:24 +0000 (-0700)
Subject: Fix incorrect authentication headers on cache digest requests
X-Git-Tag: SQUID_3_5_11~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=addef35a37a41a75d160344130c250a8c604754a;p=thirdparty%2Fsquid.git

Fix incorrect authentication headers on cache digest requests

  login=NEGOTIATE can have an additional parameter specified,
   like login=NEGOTIATE:xxx

One test added in rev.12714 does not take this case into account and it
will send a garbage "login:password" (== "NEGOTIATE:xxx") to its peer
when requesting a digest.

This is a workaround patch to remove the broken Authentication headers
entirely. Support for Negotiate to the peer on these digest requests is
still needed.
---

diff --git a/src/peer_digest.cc b/src/peer_digest.cc
index 2f4aec9bac..ec6ed449cd 100644
--- a/src/peer_digest.cc
+++ b/src/peer_digest.cc
@@ -312,7 +312,7 @@ peerDigestRequest(PeerDigest * pd)
             p->login[0] != '*' &&
             strcmp(p->login, "PASS") != 0 &&
             strcmp(p->login, "PASSTHRU") != 0 &&
-            strcmp(p->login, "NEGOTIATE") != 0 &&
+            strncmp(p->login, "NEGOTIATE",9) != 0 &&
             strcmp(p->login, "PROXYPASS") != 0) {
         xstrncpy(req->login, p->login, MAX_LOGIN_SZ);
     }