BUG/MEDIUM: http-ana: Handle NTLM messages correctly. When checking www-authenticate headers, we don't want to just accept "NTLM" as value, because the server may send "HTLM <base64 value>". Instead, just check that it starts with NTLM. This should be backported to 2.1, 2.0, 1.9 and 1.8.

commit: 9df188695fbf1ff17de3861ec5b281365800c7f0 [log] [tgz]
author: Olivier Houchard <cognet@ci0.org> Wed Apr 22 21:51:14 2020 +0200
committer: Olivier Houchard <cognet@ci0.org> Wed Apr 22 22:03:32 2020 +0200
tree: d51983181ad6ea110cd6ecb21343e3a91752a93d
parent: b203ff6e20bc80363ebfc7204e7fdd1ae656e046 [diff] [blame]
diff --git a/src/http_ana.c b/src/http_ana.c
index dd513e9..e0fe67e 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c

@@ -1824,7 +1824,7 @@
 		ctx.blk = NULL;
 		while (http_find_header(htx, hdr, &ctx, 0)) {
 			if ((ctx.value.len >= 9 && word_match(ctx.value.ptr, ctx.value.len, "Negotiate", 9)) ||
-			    (ctx.value.len >= 4 && word_match(ctx.value.ptr, ctx.value.len, "NTLM", 4))) {
+			    (ctx.value.len >= 4 && !memcmp(ctx.value.ptr, "NTLM", 4))) {
 				sess->flags |= SESS_FL_PREFER_LAST;
 				srv_conn->flags |= CO_FL_PRIVATE;
 			}
commit	9df188695fbf1ff17de3861ec5b281365800c7f0	[log] [tgz]
author	Olivier Houchard <cognet@ci0.org>	Wed Apr 22 21:51:14 2020 +0200
committer	Olivier Houchard <cognet@ci0.org>	Wed Apr 22 22:03:32 2020 +0200
tree	d51983181ad6ea110cd6ecb21343e3a91752a93d
parent	b203ff6e20bc80363ebfc7204e7fdd1ae656e046 [diff] [blame]