Merge pull request #1 from bdwyertech/bdwyertech

Concurrency Fixes
aus · Apr 18, 2020 · fd17872 · fd17872
2 parents 49defe2 + 20a87f0
commit fd17872
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 15 deletions.
diff --git a/basic.go b/basic.go
@@ -20,14 +20,14 @@ func dialBasic(p Proxy, addr string, baseDial func() (net.Conn, error)) (net.Con
 	}
 
 	u := fmt.Sprintf("%s:%s", p.Username, p.Password)
-	h := p.Headers
+	h := p.Headers.Clone()
 	h.Set("Proxy-Authorization", fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(u))))
 	h.Set("Proxy-Connection", "Keep-Alive")
 	connect := &http.Request{
 		Method: "CONNECT",
 		URL:    &url.URL{Opaque: addr},
 		Host:   addr,
-		Header: *h,
+		Header: h,
 	}
 	if err := connect.Write(conn); err != nil {
 		debugf("basic> Could not write authorization message to proxy: %s", err)

diff --git a/connect.go b/connect.go
@@ -18,13 +18,13 @@ func dialAndNegotiateHTTP(p Proxy, addr string, baseDial func() (net.Conn, error
 	}
 
 	// build and write first CONNECT request
-	h := p.Headers
+	h := p.Headers.Clone()
 	h.Set("Proxy-Connection", "Keep-Alive")
 	connect := &http.Request{
 		Method: "CONNECT",
 		URL:    &url.URL{Opaque: addr},
 		Host:   addr,
-		Header: *p.Headers,
+		Header: h,
 	}
 	if err := connect.Write(conn); err != nil {
 		debugf("connect> CONNECT to proxy failed: %s", err)

diff --git a/negotiate_windows.go b/negotiate_windows.go
@@ -49,14 +49,14 @@ func dialNegotiate(p Proxy, addr string, baseDial func() (net.Conn, error)) (net
 	}
 	defer secctx.Release()
 
-	head := p.Headers
+	head := p.Headers.Clone()
 	head.Set("Proxy-Authorization", fmt.Sprintf("Negotiate %s", base64.StdEncoding.EncodeToString(token)))
 	head.Set("Proxy-Connection", "Keep-Alive")
 	connect := &http.Request{
 		Method: "CONNECT",
 		URL:    &url.URL{Opaque: addr},
 		Host:   addr,
-		Header: *head,
+		Header: head,
 	}
 	if err := connect.Write(conn); err != nil {
 		debugf("negotiate> Could not write token message to proxy: %s", err)

diff --git a/ntlm_other.go b/ntlm_other.go
@@ -68,14 +68,14 @@ func dialNTLM(p Proxy, addr string, baseDial func() (net.Conn, error)) (net.Conn
 		return conn, err
 	}
 
-	h := p.Headers
+	h := p.Headers.Clone()
 	h.Set("Proxy-Authorization", fmt.Sprintf("NTLM %s", base64.StdEncoding.EncodeToString(negotiateNTLMv1Message())))
 	h.Set("Proxy-Connection", "Keep-Alive")
 	connect := &http.Request{
 		Method: "CONNECT",
 		URL:    &url.URL{Opaque: addr},
 		Host:   addr,
-		Header: *h,
+		Header: h,
 	}
 	if err := connect.Write(conn); err != nil {
 		debugf("ntlm> Could not write negotiate message to proxy: %s", err)
@@ -126,14 +126,14 @@ func dialNTLM(p Proxy, addr string, baseDial func() (net.Conn, error)) (net.Conn
 	}
 
 	resp.Body.Close()
-	h = p.Headers
+	h = p.Headers.Clone()
 	h.Set("Proxy-Authorization", fmt.Sprintf("NTLM %s", base64.StdEncoding.EncodeToString(authenticate.Bytes())))
 	h.Set("Proxy-Connection", "Keep-Alive")
 	connect = &http.Request{
 		Method: "CONNECT",
 		URL:    &url.URL{Opaque: addr},
 		Host:   addr,
-		Header: *h,
+		Header: h,
 	}
 	if err := connect.Write(conn); err != nil {
 		debugf("ntlm> Could not write authenticate message to proxy: %s", err)

diff --git a/ntlm_windows.go b/ntlm_windows.go
@@ -10,6 +10,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"strings"
 
 	"github.com/alexbrainman/sspi"
 	"github.com/alexbrainman/sspi/ntlm"
@@ -45,14 +46,14 @@ func dialNTLM(p Proxy, addr string, baseDial func() (net.Conn, error)) (net.Conn
 	}
 	defer secctx.Release()
 
-	h := p.Headers
+	h := p.Headers.Clone()
 	h.Set("Proxy-Authorization", fmt.Sprintf("NTLM %s", base64.StdEncoding.EncodeToString(negotiate)))
 	h.Set("Proxy-Connection", "Keep-Alive")
 	connect := &http.Request{
 		Method: "CONNECT",
 		URL:    &url.URL{Opaque: addr},
 		Host:   addr,
-		Header: *h,
+		Header: h,
 	}
 	if err := connect.Write(conn); err != nil {
 		debugf("ntlm> Could not write negotiate message to proxy: %s", err)
@@ -70,7 +71,18 @@ func dialNTLM(p Proxy, addr string, baseDial func() (net.Conn, error)) (net.Conn
 		return conn, errors.New("Unexpected HTTP status code")
 	}
 
-	challenge, err := base64.StdEncoding.DecodeString(resp.Header["Proxy-Authenticate"][0][5:])
+	challengeHeaders, found := resp.Header["Proxy-Authenticate"]
+	if !found {
+		return conn, errors.New("did not receive a challenge from the server")
+	}
+	if len(challengeHeaders) != 1 {
+		return conn, errors.New("received malformed challenge from the server")
+	}
+	if len(challengeHeaders[0]) < 6 || !strings.HasPrefix(challengeHeaders[0], "NTLM ") {
+		return conn, errors.New("received malformed challenge from the server")
+	}
+
+	challenge, err := base64.StdEncoding.DecodeString(challengeHeaders[0][5:])
 	if err != nil {
 		debugf("ntlm> Could not read challenge response")
 		return conn, err
@@ -83,14 +95,14 @@ func dialNTLM(p Proxy, addr string, baseDial func() (net.Conn, error)) (net.Conn
 	}
 
 	resp.Body.Close()
-	h = p.Headers
+	h = p.Headers.Clone()
 	h.Set("Proxy-Authorization", fmt.Sprintf("NTLM %s", base64.StdEncoding.EncodeToString(authenticate)))
 	h.Set("Proxy-Connection", "Keep-Alive")
 	connect = &http.Request{
 		Method: "CONNECT",
 		URL:    &url.URL{Opaque: addr},
 		Host:   addr,
-		Header: *h,
+		Header: h,
 	}
 	if err := connect.Write(conn); err != nil {
 		debugf("ntlm> Could not write authenticate message to proxy: %s", err)