Bug in rfc1783_decode() in 3.4 and master
Jeremy Allison
jra at samba.org
Fri Oct 30 14:47:33 MDT 2009
On Sat, Oct 31, 2009 at 12:13:01AM +1100, Andrew Bartlett wrote:
> I noticed doing some work in master that the current rfc1783_decode()
> has:
>
> while ((p=strchr(p,'+')))
> *p = ' ';
>
> As far as I can see, this was merged incorrectly from Samba4 when the
> string util code was brought back in common in Nov last year. The
> Samba3 code is deliberately missing this loop, with this loop move to
> SWAT specificity.
>
> Anyway, the long and the short of it is that ntlm_auth uses
> rfc1783_decode(), and when Squid calls the plaintext ntlm_auth helpers,
> it does not replace space characters with +, so this merge (I suspect)
> breaks squid.
I can't find the spec that requires ' ' characters to be
replaced with '+' on encode. Which spec is this ? Why was this added ?
Shouldn't ' ' characters be converted to %20 instead ?
> I'm importing a full rfc1783 decode and encode impelementation from
> squid, but a patch to 3.4 may wish to just remove those lines.
Yep, am preparing a patch to do just that.
> (Anyway, I'm tired, but I wanted to mention this before I merged in the
> replacement code)
I'm going to add a bug and fix this in all branches.
Jeremy.
More information about the samba-technical
mailing list