BUG/MINOR: http-fetch: check against the whole token in get_http_auth()

In 1.4, Basic authentication support was added by commit f9423ae43a
("[MINOR] acl: add http_auth and http_auth_group"). Interestingly,
a mistake there consisted in taking the length of the comparison from
the input token, so "b" matches "Basic". It was later propagated to
Bearer in 2.5 with commit f5dd337b12 ("MINOR: http:
Add http_auth_bearer sample fetch"). Let's just compare the entire
tokens.

This may be backported though it is very minor.

diff --git a/src/http_fetch.c b/src/http_fetch.c
index 3a7ca3c5c8ddd4bf6032f806a209c744acd81240..718819c7f1d9f92715d78ca243d06afd63a32182 100644 (file)
--- a/src/http_fetch.c
+++ b/src/http_fetch.c
@@ -135,7 +135,7 @@ static int get_http_auth(struct sample *smp, struct htx *htx)
 
        chunk_initlen(&txn->auth.method_data, p, 0, istend(ctx.value) - p);
 
-       if (!strncasecmp("Basic", auth_method.area, auth_method.data)) {
+       if (isteqi(ist2(auth_method.area, auth_method.data), ist("Basic"))) {
                struct buffer *http_auth = get_trash_chunk();
 
                len = base64dec(txn->auth.method_data.area,
@@ -159,7 +159,7 @@ static int get_http_auth(struct sample *smp, struct htx *htx)
 
                txn->auth.method = HTTP_AUTH_BASIC;
                return 1;
-       } else if (!strncasecmp("Bearer", auth_method.area, auth_method.data)) {
+       } else if (isteqi(ist2(auth_method.area, auth_method.data), ist("Bearer"))) {
                txn->auth.method = HTTP_AUTH_BEARER;
                return 1;
        }