Public bug reported: Background:
Using the AUTH_FILE option reads the provided file and uses it to add the "Proxy-Authorization" header to the request made to the proxy. corkscrew.c:231 if ((argc == 6) || (argc == 7)) { strncat(uri, "\nProxy-Authorization: Basic ", sizeof(uri) - strlen(uri) - 1); strncat(uri, base64_encode(up), sizeof(uri) - strlen(uri) - 1); } This uses an invalid newline for an HTTP request. \n is used, should be \r\n. What happens: When used with apache as a forward proxy, for example, this causes a 400 error to be returned from the server. Using nc and crafting a request to use \r\n instead, this works. What I expect to happen: The proxy request takes place. Environment: Description: Ubuntu 16.04.2 LTS Release: 16.04 ii corkscrew 2.0-10 amd64 tunnel TCP connections through HTTP proxies ** Affects: corkscrew (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1697507 Title: AUTH_FILE option uses incorrect line ending in HTTP request To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/corkscrew/+bug/1697507/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs