From 18918db3d2789aa293b96c99a3d65fcd29d30017 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 2 Aug 2019 14:05:08 -0700 Subject: [PATCH] Fix proxy username and password parsing. We are supposed to take the *last* (unescaped) @ sign as the separation between user:pass and hostname, not the first. So use strrchr() instead of strchr(). Conversely, the first colon is the separation between user and pass so strchr is still correct there. Also actually support unescaping the resulting username and password. Signed-off-by: David Woodhouse --- http.c | 6 +++++- www/changelog.xml | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/http.c b/http.c index 36995e12..bd531abc 100644 --- a/http.c +++ b/http.c @@ -28,6 +28,8 @@ #include #include +#include + #include "openconnect-internal.h" static int proxy_write(struct openconnect_info *vpninfo, char *buf, size_t len); @@ -1383,7 +1385,7 @@ int openconnect_set_http_proxy(struct openconnect_info *vpninfo, if (ret) goto out; - p = strchr(vpninfo->proxy, '@'); + p = strrchr(vpninfo->proxy, '@'); if (p) { /* Proxy username/password */ *p = 0; @@ -1393,7 +1395,9 @@ int openconnect_set_http_proxy(struct openconnect_info *vpninfo, if (p) { *p = 0; vpninfo->proxy_pass = strdup(p + 1); + xmlURIUnescapeString(vpninfo->proxy_pass, 0, vpninfo->proxy_pass); } + xmlURIUnescapeString(vpninfo->proxy_user, 0, vpninfo->proxy_user); } if (vpninfo->proxy_type && diff --git a/www/changelog.xml b/www/changelog.xml index 70436d27..0c391512 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -21,6 +21,7 @@
  • Add HMAC-SHA256-128 (RFC4868) support for ESP.
  • Support IPv6 in ESP.
  • Translate user-visible strings from openconnect_get_supported_protocols().
    • +
  • Fix proxy username/password handling to allow special characters and escaping.

  • OpenConnect v8.03 -- 2.49.0