Hi,
the attached patch fixes a problem with the RPC-over-HTTP code not working
with NTLM/Kerberos authentication. A request must only be treated as an RPC if
the content length is between 128kB and 2GB.
With the patch it is no longer necessary to enforce Basic auth for
OutlookAnyhwere and the patch is the missing piece to support
TerminalServicesGateway/RemoteDesktopGateway.
Regards,
Frank
--- Pound-2.7a/http.c 2013-06-19 15:49:51.000000000 +0200
+++ Pound-2.7a.new/http.c 2013-06-19 15:43:24.000000000 +0200
@@ -725,9 +725,12 @@
case HEADER_CONTENT_LENGTH:
if(chunked || cont >= 0L)
headers_ok[n] = 0;
- else
+ else {
if((cont = ATOL(buf)) < 0L)
headers_ok[n] = 0;
+ if(is_rpc == 1 && (cont < 0x20000L || cont > 0x80000000L))
+ is_rpc = -1;
+ }
break;
case HEADER_ILLEGAL:
if(lstn->log_level > 0) {
@@ -1407,8 +1410,12 @@
case HEADER_CONTENT_LENGTH:
cont = ATOL(buf);
/* treat RPC_OUT_DATA like reply without content-length */
- if(is_rpc == 0 && cont == 0x40000000L)
- cont = -1L;
+ if(is_rpc == 0) {
+ if(cont >= 0x20000L && cont <= 0x80000000L)
+ cont = -1L;
+ else
+ is_rpc = -1;
+ }
break;
case HEADER_LOCATION:
if(v_host[0] && need_rewrite(lstn->rewr_loc, buf, loc_path, v_host, lstn, cur_backend)) {
