From 5c0b85261bb986912bfd14eeec7d12d619e785ba Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Mon, 19 Dec 2011 19:12:49 +0000
Subject: [PATCH] Allow a challenge with no auth-params.

---
 ncat/http.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ncat/http.c b/ncat/http.c
index 669462de0..562756cd8 100644
--- a/ncat/http.c
+++ b/ncat/http.c
@@ -1292,8 +1292,23 @@ static const char *http_read_challenge(const char *s, struct http_challenge *cha
     free(scheme);
     scheme = NULL;
 
+    /* RFC 2617, section 1.2, requires at least one auth-param:
+         challenge = auth-scheme 1*SP 1#auth-param
+       But there are some schemes (NTLM and Negotiate) that can be without
+       auth-params, so we allow that here. A comma indicates the end of this
+       challenge and the beginning of the next (see the comment in the loop
+       below). */
     while (is_space_char(*s))
         s++;
+    if (*s == ',') {
+        s++;
+        while (is_space_char(*s))
+            s++;
+        if (*s == '\0')
+            goto bail;
+        return s;
+    }
+
     while (*s != '\0') {
         char *name, *value;