fail on unsupported http/https proxy settings

Closes: #623443

4 files changed, 45 insertions, 6 deletions

diff --git a/methods/http.cc b/methods/http.cc
index 9fcc80103..c61ca1c3f 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -347,6 +347,8 @@ bool HttpServerState::Open()
 	 Port = ServerName.Port;
       Host = ServerName.Host;
    }
+   else if (Proxy.Access != "http")
+      return _error->Error("Unsupported proxy configured: %s", URI::SiteOnly(Proxy).c_str());
    else
    {
       if (Proxy.Port != 0)
diff --git a/methods/https.cc b/methods/https.cc
index 50121ec4d..7c0c3241d 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -162,7 +162,7 @@ APT_PURE Hashes * HttpsServerState::GetHashes()				/*{{{*/
 }
 									/*}}}*/
 
-void HttpsMethod::SetupProxy()						/*{{{*/
+bool HttpsMethod::SetupProxy()						/*{{{*/
 {
    URI ServerName = Queue->Uri;
 
@@ -184,12 +184,12 @@ void HttpsMethod::SetupProxy()						/*{{{*/
 
    // User want to use NO proxy, so nothing to setup
    if (UseProxy == "DIRECT")
-      return;
+      return true;
 
    // Parse no_proxy, a comma (,) separated list of domains we don't want to use    
    // a proxy for so we stop right here if it is in the list
    if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true)
-      return;
+      return true;
 
    if (UseProxy.empty() == true)
    {
@@ -216,8 +216,10 @@ void HttpsMethod::SetupProxy()						/*{{{*/
 	 curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4A);
       else if (Proxy.Access == "socks")
 	 curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4);
-      else
+      else if (Proxy.Access == "http" || Proxy.Access == "https")
 	 curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP);
+      else
+	 return false;
 
       if (Proxy.Port != 1)
 	 curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port);
@@ -228,6 +230,7 @@ void HttpsMethod::SetupProxy()						/*{{{*/
          curl_easy_setopt(curl, CURLOPT_PROXYPASSWORD, Proxy.Password.c_str());
       }
    }
+   return true;
 }									/*}}}*/
 // HttpsMethod::Fetch - Fetch an item					/*{{{*/
 // ---------------------------------------------------------------------
@@ -247,7 +250,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
    //       - more debug options? (CURLOPT_DEBUGFUNCTION?)
 
    curl_easy_reset(curl);
-   SetupProxy();
+   if (SetupProxy() == false)
+      return _error->Error("Unsupported proxy configured: %s", URI::SiteOnly(Proxy).c_str());
 
    maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
 
diff --git a/methods/https.h b/methods/https.h
index 2fa714c7b..8592570c6 100644
--- a/methods/https.h
+++ b/methods/https.h
@@ -64,7 +64,7 @@ class HttpsMethod : public ServerMethod
    static size_t write_data(void *buffer, size_t size, size_t nmemb, void *userp);
    static int progress_callback(void *clientp, double dltotal, double dlnow,
 				 double ultotal, double ulnow);
-   void SetupProxy();
+   bool SetupProxy();
    CURL *curl;
 
    // Used by ServerMethods unused by https
diff --git a/test/integration/test-bug-623443-fail-on-bad-proxies b/test/integration/test-bug-623443-fail-on-bad-proxies
new file mode 100755
index 000000000..04542e0cd
--- /dev/null
+++ b/test/integration/test-bug-623443-fail-on-bad-proxies
@@ -0,0 +1,33 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+setupenvironment
+configarchitecture 'amd64'
+
+buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable'
+
+setupaptarchive --no-update
+changetowebserver
+
+testsuccess apt update
+rm -rf rootdir/var/lib/apt/lists
+
+export http_proxy=enrico:password@proxy-cache.localnet:3128
+testfailure apt update
+unset http_proxy
+testsuccess grep 'Unsupported proxy configured' rootdir/tmp/testfailure.output
+
+changetohttpswebserver
+
+testsuccess apt update
+rm -rf rootdir/var/lib/apt/lists
+
+export http_proxy=enrico:password@proxy-cache.localnet:3128
+testfailure apt update
+unset http_proxy
+testsuccess grep 'Unsupported proxy configured' rootdir/tmp/testfailure.output
+
+
+