From 9df188695fbf1ff17de3861ec5b281365800c7f0 Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Wed, 22 Apr 2020 21:51:14 +0200 Subject: [PATCH] BUG/MEDIUM: http-ana: Handle NTLM messages correctly. When checking www-authenticate headers, we don't want to just accept "NTLM" as value, because the server may send "HTLM ". Instead, just check that it starts with NTLM. This should be backported to 2.1, 2.0, 1.9 and 1.8. --- src/http_ana.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/http_ana.c b/src/http_ana.c index dd513e9946..e0fe67e248 100644 --- a/src/http_ana.c +++ b/src/http_ana.c @@ -1824,7 +1824,7 @@ int http_wait_for_response(struct stream *s, struct channel *rep, int an_bit) ctx.blk = NULL; while (http_find_header(htx, hdr, &ctx, 0)) { if ((ctx.value.len >= 9 && word_match(ctx.value.ptr, ctx.value.len, "Negotiate", 9)) || - (ctx.value.len >= 4 && word_match(ctx.value.ptr, ctx.value.len, "NTLM", 4))) { + (ctx.value.len >= 4 && !memcmp(ctx.value.ptr, "NTLM", 4))) { sess->flags |= SESS_FL_PREFER_LAST; srv_conn->flags |= CO_FL_PRIVATE; } -- 2.39.5