[Bug 234962] Base64 Encoding in phttpget is faulty

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234962

            Bug ID: 234962
           Summary: Base64 Encoding in phttpget is faulty
           Product: Base System
           Version: 12.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: kopplow.tim at gmail.com

This issue breaks freebsd-update for proxy users who needs to authenticate with
username and password and have username:password combinations which are in not
a multiple of 3 in combined length.

Due to an issue with the Base64 Filling which is not applied correctly many
username:password combinations provided via the HTTP_PROXY_AUTH Environment
Variable are not encoded correctly for the use of the HTTP Proxy-Authentication
Header.

Replicability should be 100% and this issue seem to exists since Version 7
already and is really annoying.

I compiled a version of phttpget with an alternate Base64 Encoding
Implementation to confirm this issue and got it to work.

Test Scenario:

- Environment: System needs to be behind Proxy Server with Authentication

 - Set HTTP_PROXY_AUTH to "basic:*:Hey:Base64!!" (Username:Password portion is
12 Characters long)
 - run /usr/libexec/phttpget to download any file
 - Download should work since the "Hey:Base64!!" is 12 Chars in total which
doesn't require Base64 to fill with "=" chars.
 - Set HTTP_PROXY_AUTH to "basic:*:Hey:Base64" (Username:Password portion is 10
Characters long)
 - Download shouldn't work since the filling is getting applied wrong and
results in "SGV5OkJhc2U2NAA=" which is not correct.

Possible related issues:
 - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=129431
 - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=153211

-- 
You are receiving this mail because:
You are the assignee for the bug.