BUG/MINOR: http-fetch: check against the whole token in get_http_auth()

In 1.4, Basic authentication support was added by commit f9423ae43a
("[MINOR] acl: add http_auth and http_auth_group"). Interestingly,
a mistake there consisted in taking the length of the comparison from
the input token, so "b" matches "Basic". It was later propagated to
Bearer in 2.5 with commit f5dd337b12 ("MINOR: http:
Add http_auth_bearer sample fetch"). Let's just compare the entire
tokens.

This may be backported though it is very minor.
Willy Tarreau 2026-05-26 08:28:33 +02:00
parent ffdc91c4a1
commit e583b38c63


@ -135,7 +135,7 @@ static int get_http_auth(struct sample *smp, struct htx *htx)
chunk_initlen(&txn->auth.method_data, p, 0, istend(ctx.value) - p);
if (!strncasecmp("Basic", auth_method.area, auth_method.data)) {
if (isteqi(ist2(auth_method.area, auth_method.data), ist("Basic"))) {
struct buffer *http_auth = get_trash_chunk();
len = base64dec(txn->auth.method_data.area,
@ -159,7 +159,7 @@ static int get_http_auth(struct sample *smp, struct htx *htx)
txn->auth.method = HTTP_AUTH_BASIC;
return 1;
} else if (!strncasecmp("Bearer", auth_method.area, auth_method.data)) {
} else if (isteqi(ist2(auth_method.area, auth_method.data), ist("Bearer"))) {
txn->auth.method = HTTP_AUTH_BEARER;
return 1;
}
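Review bot: Both changed comparisons in get_http_auth() rebuild the same `ist2(auth_method.area, auth_method.data)` value, once for "Basic" and again for "Bearer"; building it once, e.g. `const struct ist scheme = ist2(auth_method.area, auth_method.data);`, and testing `isteqi(scheme, ist("Basic"))` and `isteqi(scheme, ist("Bearer"))` keeps the two branches visibly parallel. A one-line comment above the first test, such as `/* the scheme must match in full, case-insensitively: "b" is not "Basic" */`, would record why the comparison length no longer comes from the request. No test change is visible on this page, so a regression case that sends a truncated scheme such as `B` and expects no Basic match would pin the fix down, particularly if it is backported. The function starts and ends outside both hunks, so how auth_method is delimited cannot be checked from here.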