Public bug reported:
Background:
Using the AUTH_FILE option reads the provided file and uses it to add
the "Proxy-Authorization" header to the request made to the proxy.
corkscrew.c:231
if ((argc == 6) || (argc == 7)) {
strncat(uri, "\nProxy-Authorization: Basic ", sizeof(uri) -
strlen(uri) - 1);
strncat(uri, base64_encode(up), sizeof(uri) - strlen(uri) - 1);
}
This uses an invalid newline for an HTTP request. \n is used, should be
\r\n.
What happens:
When used with apache as a forward proxy, for example, this causes a 400
error to be returned from the server. Using nc and crafting a request to
use \r\n instead, this works.
What I expect to happen:
The proxy request takes place.
Environment:
Description: Ubuntu 16.04.2 LTS
Release: 16.04
ii corkscrew 2.0-10 amd64 tunnel TCP
connections through HTTP proxies
** Affects: corkscrew (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1697507
Title:
AUTH_FILE option uses incorrect line ending in HTTP request
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/corkscrew/+bug/1697507/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
