simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Tue Dec 21 09:39:43 GMT 2021 

TL;DR:
  ce177428 HTTP proxy: correctly handle multiple auth headers.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2021-12-21 09:39:43

commit ce1774282c35c02867200607497fd300f46649cd
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=ce1774282c35c02867200607497fd300f46649cd;hp=99aac9c4f4f9b9153284b499668b3ba1300c9e67
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue Dec 21 09:35:13 2021 +0000

    HTTP proxy: correctly handle multiple auth headers.
    
    This is a piece I forgot in the initial implementation of HTTP Digest:
    an HTTP server can send _more than one_ authentication request header
    (WWW-Authenticate for normal servers, Proxy-Authenticate for proxies),
    and if it does, they're supposed to be treated as alternatives to each
    other, so that the client chooses one to reply to.
    
    I suppose that technically we were 'complying' with that spec already,
    in that HttpProxyNegotiator would have read each new header and
    overwritten all the fields set by the previous one, so we'd always
    have gone with the last header presented by the server. But that seems
    inelegant: better to choose the one we actually like best.
    
    So now we do that. All the details of an auth header are moved out of
    the main HttpProxyNegotiator struct into a sub-struct we can have
    multiple copies of. Each new header is parsed into a fresh struct of
    that kind, and then we can compare it with the previous one and decide
    which we prefer.
    
    The preference order, naturally, is 'more secure is better': Digest
    beats Basic, and between two Digest headers, SHA-256 beats MD5. (And
    anything beats a header we can't make sense of at all.)
    
    Another side effect of this change is that a 407 response which
    contains _no_ Proxy-Authenticate headers will trigger an error message
    saying so, instead of just going with whatever happened to be left in
    the relevant variables from the previous attempt.

 proxy/cproxy.h |   3 +
 proxy/http.c   | 398 +++++++++++++++++++++++++++++++++++----------------------
 2 files changed, 250 insertions(+), 151 deletions(-)

More information about the tartarus-commits mailing list