Hi,

I noticed that parsing of HTTP header fields is not robust enough and not RFC compliant - and that way it causes incompatibility with Microsoft TMG proxy with NTLM authentication.

The symptom is "Proxy-Authenticate: Invalid Content-Length" message while the header received is "Content-Length: 0 " <- note trailing spaces.

The responsible piece of code is in protocol.c:
if(tmpstr==line+16 || *tmpstr || content_length<0) {

(tmpstr contains trailing spaces in this case).


According to RFC 7230 trailing space is allowed and should be discarded by parser:

   A field value might be preceded and/or followed by optional
   whitespace (OWS); a single SP preceding the field-value is preferred
   for consistent readability by humans.  The field value does not
   include any leading or trailing whitespace: OWS occurring before the
   first non-whitespace octet of the field value or after the last
   non-whitespace octet of the field value ought to be excluded by
   parsers when extracting the field value from a header field.


best regards

--
Marcin Gryszkalis, PGP 0xA5DBEEC7
jabber jid:[email protected]
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
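
The failure reported above next to an OWS-tolerant parse, as an added example that is not stunnel's code and not part of the original message. It assumes tmpstr is the end pointer from strtol(line+16, ...); parse_strict and parse_ows are hypothetical names and the sample lines are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>

/* Strict check modelled on the condition quoted from protocol.c.
 * Assumption: tmpstr is the end pointer set by strtol(line+16, ...). */
static int parse_strict(const char *line, long *out) {
    char *tmpstr;
    long content_length = strtol(line + 16, &tmpstr, 10);
    if (tmpstr == line + 16 || *tmpstr || content_length < 0)
        return -1;                      /* "0   " fails here: *tmpstr == ' ' */
    *out = content_length;
    return 0;
}

/* OWS-tolerant variant: OWS = *( SP / HTAB ), value = 1*DIGIT (RFC 7230). */
static int parse_ows(const char *line, long *out) {
    const char *p;
    char *end;
    long v;
    if (strncasecmp(line, "Content-Length:", 15) != 0)
        return -1;
    p = line + 15;
    while (*p == ' ' || *p == '\t')     /* leading OWS */
        p++;
    if (!isdigit((unsigned char)*p))    /* rejects empty value, '+' and '-' */
        return -1;
    errno = 0;
    v = strtol(p, &end, 10);
    if (errno == ERANGE)                /* value does not fit in a long */
        return -1;
    while (*end == ' ' || *end == '\t') /* trailing OWS */
        end++;
    if (*end != '\0')                   /* anything besides OWS after the digits */
        return -1;
    *out = v;
    return 0;
}

int main(void) {
    /* Constructed sample header lines (line terminator already stripped). */
    const char *s[] = { "Content-Length: 0   ", "Content-Length: 0 1", "Content-Length:42\t" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        long a = -1, b = -1;
        printf("[%s] strict=%d ows=%d\n", s[i], parse_strict(s[i], &a), parse_ows(s[i], &b));
    }
    return 0;
}
```

Only SP and HTAB are discarded around the value; a line such as "Content-Length: 0 1" is still rejected, so the tolerant parse does not accept ambiguous lengths.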
