Bug 129431 - freebsd-update(8) fetch fails because phttpget fails proxy auth
Summary: freebsd-update(8) fetch fails because phttpget fails proxy auth
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 7.0-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Depends on:
Reported: 2008-12-05 07:50 UTC by David
Modified: 2019-03-12 23:00 UTC (History)
4 users (show)

See Also:

phttpget.patch (746 bytes, patch)
2010-02-05 08:11 UTC, normunds
no flags Details | Diff
b64enc fix and use fetch API (2.41 KB, patch)
2019-01-15 18:15 UTC, Gerald Aryeetey
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description David 2008-12-05 07:50:01 UTC
phhtpget won't interpret an HTTP_PROXY env var that includes auth information
(which';fetch' needs) correctly.
It has to do this because ;fetch; won't fetch without this info, as 
trying to use HTTP_PROXY_AUTH instead doesn't work at all with fetch.


How-To-Repeat: so with
phttpget (as used by FreeBSD7.0 freebsd-update) will return stuff 

Fetching 2 metadata patches...
/usr/libexec/phttpget update1.FreeBSD.org 7.0-
phttpget: host = user, port = password@proxy.name.com:3128: servname 
not supported for ai_socktype

and will in fact try to install those patches without reporting an error.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2009-03-02 02:04:49 UTC
Responsible Changed
From-To: freebsd-bugs->cperciva

Over to maintainer.
Comment 2 normunds 2010-02-05 08:11:09 UTC
Probably this patch would help on
HTTP_PROXY=http://user:pwd@proxy.example.com:8080 problem.

Best regards,
Comment 3 ted 2012-07-11 20:56:28 UTC

I applied the submitted patch to phttpget and tested it on one of our 
lab machines that runs
FreeBSD 9.0-Release amd64 and sits behind a HTTP proxy with required 
The patch worked without a problem.

This patch would also solve misc/126131.

//Ted Henriksson
Comment 4 Stephen K. Karanja 2015-01-21 11:48:57 UTC

Just reporting that Normunds' patch worked for me too.
FreeBSD 9.0-Release amd64 behind a HTTP proxy server with required authentication.

Kind Regards,
Stephen K. Karanja
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:44:30 UTC
batch change:

For bugs that match the following
-  Status Is In progress 
- Untouched since 2018-01-01.
- Affects Base System OR Documentation


Reset to open status.

I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
Comment 6 tim 2019-01-14 11:09:47 UTC
I found the root cause. 

There's a bug with the Base64 Encoding within the b64enc function. 
The Filling isn't applied in most of the cases.

For example: 

"Hey:Base64" should be encoded to "SGV5OkJhc2U2NA=="
But due to wrong filling it's getting encoded to "SGV5OkJhc2U2NAA=".

This can be replicated with every "username:password" combination where the combined length is not a multiple of 3 (due to the issue when filling comes in place).

So "H:B", "HE:Bas" and "Hey:Base6" as username and Password are fine for example.

Should be easy to replicate for the maintainer. I tested it myself with another Base64 Encoding Implementation by Jouni Melinen (which is apparently the fastest) and it worked flawlessly.
Comment 7 Gerald Aryeetey 2019-01-15 18:15:00 UTC
Created attachment 201165 [details]
b64enc fix and use fetch API

Concerning how phttpget parses HTTP_PROXY, I would suggest using fetchParseURL from <fetch.h> instead of parsing it manually (similar to how http_get_proxy() is handled). That way we can ensure it's parsed the same way as "fetch" does.

Additionally it seems like there's an off-by-one error in b64enc.

This patch showcases how the fetch API could be used and fixes b64enc.
Comment 8 Colin Percival freebsd_committer 2019-03-12 23:00:12 UTC
Drop freebsd-update PRs which were assigned to me.  I'm not working on this code any more.