fix: URL-decode proxy username and password

In cases where the proxy username or password contains characters that cannot show up in URLs, they should be URL-encoded. This is to ensure backwards compatibility with the Mender client 3. Unfortunately, tinyproxy considers all special characters in the BasicAuth configuration entry as syntax error so we have no way to test this. Ticket: MEN-7402 Changelog: none Signed-off-by: Vratislav Podzimek <vratislav.podzimek@northern.tech>
mendersoftware · Jul 24, 2024 · 819d3d1 · 819d3d1
1 parent 6591220
commit 819d3d1
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/src/common/http/http.cpp b/src/common/http/http.cpp
@@ -197,7 +197,8 @@ expected::ExpectedString URLDecode(const string &value) {
 			unescaped << value[i];
 		} else {
 			if ((i + 2 >= len) || !isxdigit(value[i + 1]) || !(isxdigit(value[i + 2]))) {
-				return expected::unexpected(MakeError(InvalidUrlError, "Incomplete % sequence in '" + value + "'"));
+				return expected::unexpected(
+					MakeError(InvalidUrlError, "Incomplete % sequence in '" + value + "'"));
 			}
 			unsigned int num;
 			sscanf(value.substr(i + 1, 2).c_str(), "%x", &num);

diff --git a/src/common/http/platform/beast/http.cpp b/src/common/http/platform/beast/http.cpp
@@ -444,7 +444,15 @@ static inline error::Error AddProxyAuthHeader(OutgoingRequest &req, BrokenDownUr
 		// nothing to do
 		return error::NoError;
 	}
-	auto creds = proxy_address.username + ":" + proxy_address.password;
+	auto ex_dec_username = URLDecode(proxy_address.username);
+	auto ex_dec_password = URLDecode(proxy_address.password);
+	if (!ex_dec_username) {
+		return ex_dec_username.error();
+	}
+	if (!ex_dec_password) {
+		return ex_dec_password.error();
+	}
+	auto creds = ex_dec_username.value() + ":" + ex_dec_password.value();
 	auto ex_encoded_creds = crypto::EncodeBase64(common::ByteVectorFromString(creds));
 	if (!ex_encoded_creds) {
 		return ex_encoded_creds.error();