Package: davfs2 Version: 1.5.2-1 Severity: normal Dear Maintainer,
Davfs2 fails to accept/parse cookies and therefore Novell drives can't be mounted, as Novell uses session cookies. There are 2 problems in src/webdav.c: get_cookies() 1. Cookies are only accepted for status codes 2xx and 3xx. But novell sends the cookie header in an "Authorization required" response with status 4xx. According to rfc6265: "User agents [...] MUST process Set-Cookie headers contained in other responses (including responses with 400- and 500-level status codes)." So I think this restriction can be removed. 2. Cookies are ignored, if their value ends with a `='. This is regularly the case with Base64 encoded values. Attached patch fixes both problems. It was created for 1.5.2, but it also applies to 1.5.4. Cheers, harry PS: I would have reported this upstream, but I'm not allowed to. -- System Information: Debian Release: jessie/sid APT prefers vivid-updates APT policy: (500, 'vivid-updates'), (500, 'vivid-security'), (500, 'vivid'), (100, 'vivid-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.19.0-64-generic (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=de_AT.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages davfs2 depends on: ii adduser 3.113+nmu3ubuntu3 ii debconf [debconf-2.0] 1.5.55ubuntu2 ii libc6 2.21-0ubuntu4 ii libneon27 0.30.1-1 davfs2 recommends no packages. davfs2 suggests no packages. -- Configuration Files: /etc/davfs2/davfs2.conf changed [not included] /etc/davfs2/secrets [Errno 13] Permission denied: u'/etc/davfs2/secrets' -- debconf information excluded
Index: davfs2-1.5.2/src/webdav.c =================================================================== --- davfs2-1.5.2.orig/src/webdav.c +++ davfs2-1.5.2/src/webdav.c @@ -1728,14 +1728,10 @@ file_reader(void *userdata, const char * When a cookie with the same name as an already stored cookie, but with a different value is received, it's value is updated if necessary. Only n_cookies cookies will be stored. If the server sends more - different cookies these will be ignored. - status must be of class 2XX or 3XX, otherwise the cookie is ignored. */ + different cookies these will be ignored. */ static void get_cookies(ne_request *req, void *userdata, const ne_status *status) { - if (status->klass != 2 && status->klass != 3) - return; - const char *cookie_hdr = ne_get_response_header(req, "Set-Cookie"); if (!cookie_hdr) return; @@ -1758,14 +1754,13 @@ get_cookies(ne_request *req, void *userd while (end > start && *(end - 1) == ' ') end--; - if ((start + 4) > end || *start == '=' || *(end - 1) == '=') - continue; - char *es = strchr(start, '='); if (!es) continue; size_t nl = es - start; size_t vl = end - es - 1; + if (nl == 0 || vl == 0) + continue; int i = 0; for (i = 0; i < n_cookies; i++) {