Bug#600196: libproxy0: incorrect HTTP implementation breaks proxy autoconfiguration (w/patch)

Julien-externe BLACHE julien-externe.blache at edf.fr
Thu Oct 14 14:34:17 UTC 2010 

Package: libproxy0
Version: 0.3.1-1
Severity: important
Tags: patch

Hi,

The HTTP implementation used in libproxy to retrieve the PAC file is 
sub-optimal and violates the HTTP 1.1 spec in several ways.

The attached patch fixes the incorrect parsing of HTTP headers; HTTP 
header names are case insensitive, but libproxy treats them as case 
sensitive. This leads to the PAC file retrieval failing, in turn making 
libproxy totally unusable on any installation where the PAC server doesn't 
send Content-Length and Content-Type headers with capital L and T in the 
header names.

The header parsing code also assumes that there is a single space between 
the colon and the header value, which is wrong.

Note that the latest, C++-infested releases of libproxy suffer from the 
same issues and should be fixed accordingly. The HTTP implementation is 
actually even worse in the recent versions.

Please apply, this fix is a must-have in Squeeze.

Thanks,

JB.

-- 
Consultant INTM - Debian Developer - TMI Calibre
EDF - DSP - CSP IT - ITS Rhône Alpes - C4S - CCNPS
04 69 65 68 56




Ce message et toutes les pièces jointes (ci-après le 'Message') sont établis à l'intention exclusive des destinataires et les informations qui y figurent sont strictement confidentielles. Toute utilisation de ce Message non conforme à sa destination, toute diffusion ou toute publication totale ou partielle, est interdite sauf autorisation expresse.

Si vous n'êtes pas le destinataire de ce Message, il vous est interdit de le copier, de le faire suivre, de le divulguer ou d'en utiliser tout ou partie. Si vous avez reçu ce Message par erreur, merci de le supprimer de votre système, ainsi que toutes ses copies, et de n'en garder aucune trace sur quelque support que ce soit. Nous vous remercions également d'en avertir immédiatement l'expéditeur par retour du message.

Il est impossible de garantir que les communications par messagerie électronique arrivent en temps utile, sont sécurisées ou dénuées de toute erreur ou virus.
____________________________________________________

This message and any attachments (the 'Message') are intended solely for the addressees. The information contained in this Message is confidential. Any use of information contained in this Message not in accord with its purpose, any dissemination or disclosure, either whole or partial, is prohibited except formal approval.

If you are not the addressee, you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return message.

E-mail communication cannot be guaranteed to be timely secure, error or virus-free.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libproxy_pac_http_fix.patch
Type: application/octet-stream
Size: 986 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20101014/c14f49f7/attachment.obj>

More information about the pkg-gnome-maintainers mailing list