Date:      Tue, 15 Jan 2019 08:53:50 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 234962] Base64 Encoding in phttpget is faulty
Message-ID:  <bug-234962-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234962

            Bug ID: 234962
           Summary: Base64 Encoding in phttpget is faulty
           Product: Base System
           Version: 12.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: kopplow.tim@gmail.com

This issue breaks freebsd-update for proxy users who need to authenticate with
username and password and have username:password combinations which are not
a multiple of 3 in combined length.

Due to an issue with the Base64 Filling which is not applied correctly many
username:password combinations provided via the HTTP_PROXY_AUTH Environment
Variable are not encoded correctly for the use of the HTTP Proxy-Authentication
Header.

Replicability should be 100% and this issue seems to exist since Version 7
already and is really annoying.

I compiled a version of phttpget with an alternate Base64 Encoding
Implementation to confirm this issue and got it to work.

Test Scenario:

- Environment: System needs to be behind Proxy Server with Authentication

 - Set HTTP_PROXY_AUTH to "basic:*:Hey:Base64!!" (Username:Password portion is
12 Characters long)
 - run /usr/libexec/phttpget to download any file
 - Download should work since the "Hey:Base64!!" is 12 Chars in total which
doesn't require Base64 to fill with "=" chars.
 - Set HTTP_PROXY_AUTH to "basic:*:Hey:Base64" (Username:Password portion is 10
Characters long)
 - Download shouldn't work since the filling is getting applied wrong and
results in "SGV5OkJhc2U2NAA=" which is not correct.

Possible related issues:
 - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=129431
 - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=153211

-- 
You are receiving this mail because:
You are the assignee for the bug.
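
The padding case from the report, as an added example that is not part of the original message and is not phttpget's code: an RFC 4648 encoder that pads by the number of real bytes in the final group, and a strict decoder showing that the reported value "SGV5OkJhc2U2NAA=" decodes to 11 bytes (the 10 credential bytes plus a trailing NUL) instead of 10. The function names b64_encode and b64_decode are hypothetical.

```c
#include <stdio.h>
#include <string.h>
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Hypothetical helper, RFC 4648 encoder; out needs 4*((len+2)/3)+1 bytes. */
void b64_encode(const unsigned char *in, size_t len, char *out)
{
    size_t o = 0;
    for (size_t i = 0; i < len; i += 3) {
        size_t n = len - i < 3 ? len - i : 3;   /* real bytes in this group */
        unsigned long v = (unsigned long)in[i] << 16;
        if (n > 1) v |= (unsigned long)in[i + 1] << 8;
        if (n > 2) v |= in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = n > 1 ? B64[(v >> 6) & 63] : '=';  /* pad by byte count, */
        out[o++] = n > 2 ? B64[v & 63] : '=';         /* not by byte value  */
    }
    out[o] = '\0';
}

/* Hypothetical helper, strict decoder; returns decoded length or -1. */
long b64_decode(const char *in, unsigned char *out)
{
    size_t len = strlen(in), o = 0;
    if (len % 4 != 0) return -1;
    for (size_t i = 0; i < len; i += 4) {
        unsigned long v = 0, pad = 0;
        for (int j = 0; j < 4; j++) {
            const char *p = strchr(B64, in[i + j]);
            if (in[i + j] == '=' && i + 4 == len && j >= 2) { pad++; v <<= 6; }
            else if (p != NULL && pad == 0) v = (v << 6) | (unsigned long)(p - B64);
            else return -1;
        }
        out[o++] = (unsigned char)(v >> 16);
        if (pad < 2) out[o++] = (unsigned char)(v >> 8);
        if (pad < 1) out[o++] = (unsigned char)v;
    }
    return (long)o;
}

int main(void)
{
    char enc[32];
    unsigned char dec[32];
    b64_encode((const unsigned char *)"Hey:Base64", 10, enc); /* from the report */
    printf("%s / %ld\n", enc, b64_decode("SGV5OkJhc2U2NAA=", dec));
    return 0;
}
```

A proxy that decodes the 11-byte value compares a password ending in a NUL byte against the stored one, which is why authentication fails only for lengths that need padding.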