Fossil SCM
Bug in http.c: missing \r for Proxy-Authorization header
Fixed
da3fef0b21c37d7…
· opened 14 years, 10 months ago
- Type
- Code_Defect
- Priority
- —
- Severity
- Minor
- Resolution
- Fixed
- Subsystem
- —
- Created
- May 13, 2011 1:59 p.m.
Easiest to show the bug by just showing the patch:
--- src/http.c
+++ src/http.c
@@ -100,11 +100,11 @@
}else{
zSep = "/";
}
blob_appendf(pHdr, "POST %s%sxfer/xfer HTTP/1.0\r\n", g.urlPath, zSep);
if( g.urlProxyAuth ){
- blob_appendf(pHdr, "Proxy-Authorization: %s\n", g.urlProxyAuth);
+ blob_appendf(pHdr, "Proxy-Authorization: %s\r\n", g.urlProxyAuth);
}
if( g.urlPasswd && g.urlUser && g.urlPasswd[0]=='#' ){
char zCredentials = mprintf("%s:%s", g.urlUser, &g.urlPasswd[1]);
char zEncoded = encode64(zCredentials, -1);
blob_appendf(pHdr, "Authorization: Basic %s\r\n", zEncoded);
All HTTP headers should be terminated by a CRLF combination, not just an LF. Without the proper termination, some servers may reject the header.