Bug in rfc1783_decode() in 3.4 and master

Jeremy Allison jra at samba.org
Fri Oct 30 14:47:33 MDT 2009

On Sat, Oct 31, 2009 at 12:13:01AM +1100, Andrew Bartlett wrote:
> I noticed doing some work in master that the current rfc1783_decode()
> has:
> 	while ((p=strchr(p,'+')))
> 		*p = ' ';
> As far as I can see, this was merged incorrectly from Samba4 when the
> string util code was brought back in common in Nov last year.  The
> Samba3 code is deliberately missing this loop, with this loop move to
> SWAT specificity. 
> Anyway, the long and the short of it is that ntlm_auth uses
> rfc1783_decode(), and when Squid calls the plaintext ntlm_auth helpers,
> it does not replace space characters with +, so this merge (I suspect)
> breaks squid. 

I can't find the spec that requires ' ' characters to be
replaced with '+' on encode. Which spec is this ? Why was this added ?
Shouldn't ' ' characters be converted to %20 instead ?

> I'm importing a full rfc1783 decode and encode impelementation from
> squid, but a patch to 3.4 may wish to just remove those lines. 

Yep, am preparing a patch to do just that.

> (Anyway, I'm tired, but I wanted to mention this before I merged in the
> replacement code)

I'm going to add a bug and fix this in all branches.


More information about the samba-technical mailing list