[stunnel-users] Incompatibility - Content-length parsing

Michal Trojnara Michal.Trojnara at mirt.net
Wed May 13 16:58:10 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Marcin,

This should fix it:

diff --git a/src/protocol.c b/src/protocol.c
index 16b87e7..8eb8dee 100644
- --- a/src/protocol.c
+++ b/src/protocol.c
@@ -980,6 +980,9 @@ NOEXPORT void ntlm(CLI *c, SERVICE_OPTIONS *opt) {
             ntlm2_txt=str_dup(line+25);
         else if(is_prefix(line, "Content-Length: ")) {
             content_length=strtol(line+16, &tmpstr, 10);
+            if(tmpstr>line+16) /* found some digits */
+                while(*tmpstr && isspace(*tmpstr))
+                    ++tmpstr;
             if(tmpstr==line+16 || *tmpstr || content_length<0) {
                 s_log(LOG_ERR, "Proxy-Authenticate: Invalid
Content-Length");
                 str_free(line);

You may also try stunnel 5.18b1:
https://www.stunnel.org/downloads.html

Mike

On 13.05.2015 13:38, Marcin Gryszkalis wrote:
> Hi,
> 
> I noticed that parsing of HTTP header fields is not robust enough
> and not RFC compliant - and that way it casues incompatibility
> with Microsoft TMG proxy with NTLM authentication.
> 
> The symptom is "Proxy-Authenticate: Invalid Content-Length"
> message while the header received is "Content-Length: 0     " <-
> note trailing spaces.
> 
> The responsible piece of code is in protocol.c: if(tmpstr==line+16
> || *tmpstr || content_length<0) {
> 
> (tmpstr contains trailing spaces in this case).
> 
> 
> According to RFC 7230 trailing space is allowed and should be
> discarded by parser:
> 
> A field value might be preceded and/or followed by optional 
> whitespace (OWS); a single SP preceding the field-value is
> preferred for consistent readability by humans.  The field value
> does not include any leading or trailing whitespace: OWS occurring
> before the first non-whitespace octet of the field value or after
> the last non-whitespace octet of the field value ought to be
> excluded by parsers when extracting the field value from a header
> field.
> 
> 
> best regards
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVU2aCAAoJEC78f/DUFuAUuhEQAM5N1CsDH4d963HIaV4f7dYh
uq63Sk7tvZOMNJVp6u4S5I6d6pVqX1tMWj171iEX+e7kvgoyL0tYAvIjigsiP7DA
DwKn366bgdeDOyhZzBhWHkHgdMYKR6AqfysAAelR81hpR1v7wAelWMB8X5t8XwAQ
jnrYlZb0rTCGCd3G/pCQuqoKQYNxZ9rzFweh0Vd8Dnm2qp4xQOhta2meJbPtcdHN
3s31Fs56UalKEI6iZWe5YtbStosz54nFWowblCI/ejL/RJU2WmrK9ujW9iuOJVht
dXccjv1qRrST6JWnv72mTI0KyI2W4hOq3HFp16IW0qhpsJ7d04AgRCUdEjaWCc4w
/jJSHhiPJ0wTMstxEW1dRpZzW11CERieyb/hw10mUtGTKVfsVhyuXEL1tOtQphJp
Z3bUN8l/Yqb0RkV3YM9rIS5ksUT9Q0sNdNhXvuLqE7D8K46vgFCNn6xGjJcqxoop
nXSA0a9pl2Oi5RUElQ/0AHJMTIe4qrPzjeQM2b941fOSf7e6xd9cxv4duqT499mn
e5tFl5/EsJzbn4zQt2eRPQ0hpvzjRdWRnGWLHN3/hruL5FLxJPP3XWY6dldskI6V
QwEPRc25F+RpOCfogAIad8X6q83f674ycieQdMWN5p2m6inPs6Mrt1JACkttJ4gy
Xw/OdvYl2lkI8DDhO5FM
=g2/0
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list