Re: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 14 Apr 2010 23:33:26 +0000

On Wed, 14 Apr 2010 18:10:04 +0100, "Niall O'Cuilinn"
<nocuilinn_at_amdocs.com> wrote:
> Hi
>
> I had a look at the null-body values. They correctly match the length of
> the HTTP 302 response headers block. The extra two bytes is an extra line
> return. You can see that after the last header there are three '\r\n' line
> returns. I tried removing one of them but the result was the same.
>
> I also turned on more detailed debug logging and found this in the
> cache.log:
>
> ----------
> 2010/04/14 17:03:05.494| HttpReply::sanityCheckStartLine: missing or
> invalid status number in 'HTTP/1.x 302 Found
> content-type: text/html
> location: https://localhost:8443/mib/authentication/checkCookie?backURL=http%3A%2F%2Fc.proxy.com%2Fwww.google.ie
>
> '
> ---------
>
> I changed the ICAP Server to return 'HTTP/1.0' instead of 'HTTP/1.x' and
> now it is working.
>
> This worked using 'HTTP/1.x' on Squid 3.0. The version I'm using is
> Squid3.1.1
>
> Thanks
> Niall

Looks like your previous version of 3.0 was vulnerable to CVE-2009-2622.
Squid-3.1.1 is fixed.

Amos
Received on Wed Apr 14 2010 - 23:33:29 MDT
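
An added example, not part of the original messages and not Squid's own code: a small pre-deployment check for an ICAP server's REQMOD redirect reply, covering the two things discussed in the thread (the null-body offset against the header block length, and a strictly numeric HTTP version in the status line). The function names, the regex, and the sample reply with its `login.example` URL are constructed for illustration.

```python
import re

# Strict status line: "HTTP/<digits>.<digits> <3-digit status> [reason]".
# 'HTTP/1.x' fails because the minor version is not numeric.
STATUS_LINE = re.compile(rb"^HTTP/\d+\.\d+ +(\d{3})(?: .*)?$")

def parse_encapsulated(value):
    """Parse an ICAP Encapsulated header value into {section: offset}."""
    sections = {}
    for item in value.split(","):
        name, _, off = item.strip().partition("=")
        if not off.isdigit():
            raise ValueError(f"bad Encapsulated entry: {item!r}")
        sections[name] = int(off)
    return sections

def check_icap_http_reply(encapsulated, body):
    """Return a list of problems in an encapsulated HTTP response.

    body is everything after the ICAP header block; with null-body it
    consists only of the HTTP response headers.
    """
    sections = parse_encapsulated(encapsulated)
    if "res-hdr" not in sections or "null-body" not in sections:
        return ["expected res-hdr and null-body sections"]
    start, end = sections["res-hdr"], sections["null-body"]
    problems = []
    if end != len(body):
        problems.append(f"null-body={end} but header block is {len(body)} bytes")
    hdr = body[start:end]
    if not hdr.endswith(b"\r\n\r\n"):
        problems.append("header block not terminated by CRLF CRLF")
    status_line = hdr.split(b"\r\n", 1)[0]
    if not STATUS_LINE.match(status_line):
        problems.append(f"invalid status line: {status_line.decode('latin-1')!r}")
    return problems

def build_reply(version):
    """Constructed sample 302 header block; the Location URL is a placeholder."""
    return (b"HTTP/" + version + b" 302 Found\r\n"
            b"content-type: text/html\r\n"
            b"location: https://login.example/check\r\n\r\n")

def check_version(version):
    """Build the sample reply with a correct null-body offset and check it."""
    body = build_reply(version)
    return check_icap_http_reply(f"res-hdr=0, null-body={len(body)}", body)

if __name__ == "__main__":
    for v in (b"1.x", b"1.0"):
        print(v.decode(), check_version(v) or "ok")
```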
