From ece81b7517b1af6f86aff733498f6c11d5aa814f Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 3 Aug 2016 21:17:26 +0200 Subject: fail on unsupported http/https proxy settings Closes: #623443 --- methods/http.cc | 2 ++ methods/https.cc | 14 +++++---- methods/https.h | 2 +- .../test-bug-623443-fail-on-bad-proxies | 33 ++++++++++++++++++++++ 4 files changed, 45 insertions(+), 6 deletions(-) create mode 100755 test/integration/test-bug-623443-fail-on-bad-proxies diff --git a/methods/http.cc b/methods/http.cc index 9fcc80103..c61ca1c3f 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -347,6 +347,8 @@ bool HttpServerState::Open() Port = ServerName.Port; Host = ServerName.Host; } + else if (Proxy.Access != "http") + return _error->Error("Unsupported proxy configured: %s", URI::SiteOnly(Proxy).c_str()); else { if (Proxy.Port != 0) diff --git a/methods/https.cc b/methods/https.cc index 50121ec4d..7c0c3241d 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -162,7 +162,7 @@ APT_PURE Hashes * HttpsServerState::GetHashes() /*{{{*/ } /*}}}*/ -void HttpsMethod::SetupProxy() /*{{{*/ +bool HttpsMethod::SetupProxy() /*{{{*/ { URI ServerName = Queue->Uri; @@ -184,12 +184,12 @@ void HttpsMethod::SetupProxy() /*{{{*/ // User want to use NO proxy, so nothing to setup if (UseProxy == "DIRECT") - return; + return true; // Parse no_proxy, a comma (,) separated list of domains we don't want to use // a proxy for so we stop right here if it is in the list if (getenv("no_proxy") != 0 && CheckDomainList(ServerName.Host,getenv("no_proxy")) == true) - return; + return true; if (UseProxy.empty() == true) { @@ -216,8 +216,10 @@ void HttpsMethod::SetupProxy() /*{{{*/ curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4A); else if (Proxy.Access == "socks") curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4); - else + else if (Proxy.Access == "http" || Proxy.Access == "https") curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_HTTP); + else + return false; if (Proxy.Port != 1) curl_easy_setopt(curl, CURLOPT_PROXYPORT, Proxy.Port); @@ -228,6 +230,7 @@ void HttpsMethod::SetupProxy() /*{{{*/ curl_easy_setopt(curl, CURLOPT_PROXYPASSWORD, Proxy.Password.c_str()); } } + return true; } /*}}}*/ // HttpsMethod::Fetch - Fetch an item /*{{{*/ // --------------------------------------------------------------------- @@ -247,7 +250,8 @@ bool HttpsMethod::Fetch(FetchItem *Itm) // - more debug options? (CURLOPT_DEBUGFUNCTION?) curl_easy_reset(curl); - SetupProxy(); + if (SetupProxy() == false) + return _error->Error("Unsupported proxy configured: %s", URI::SiteOnly(Proxy).c_str()); maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc")); diff --git a/methods/https.h b/methods/https.h index 2fa714c7b..8592570c6 100644 --- a/methods/https.h +++ b/methods/https.h @@ -64,7 +64,7 @@ class HttpsMethod : public ServerMethod static size_t write_data(void *buffer, size_t size, size_t nmemb, void *userp); static int progress_callback(void *clientp, double dltotal, double dlnow, double ultotal, double ulnow); - void SetupProxy(); + bool SetupProxy(); CURL *curl; // Used by ServerMethods unused by https diff --git a/test/integration/test-bug-623443-fail-on-bad-proxies b/test/integration/test-bug-623443-fail-on-bad-proxies new file mode 100755 index 000000000..04542e0cd --- /dev/null +++ b/test/integration/test-bug-623443-fail-on-bad-proxies @@ -0,0 +1,33 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" +setupenvironment +configarchitecture 'amd64' + +buildsimplenativepackage 'unrelated' 'all' '0.5~squeeze1' 'unstable' + +setupaptarchive --no-update +changetowebserver + +testsuccess apt update +rm -rf rootdir/var/lib/apt/lists + +export http_proxy=enrico:password@proxy-cache.localnet:3128 +testfailure apt update +unset http_proxy +testsuccess grep 'Unsupported proxy configured' rootdir/tmp/testfailure.output + +changetohttpswebserver + +testsuccess apt update +rm -rf rootdir/var/lib/apt/lists + +export http_proxy=enrico:password@proxy-cache.localnet:3128 +testfailure apt update +unset http_proxy +testsuccess grep 'Unsupported proxy configured' rootdir/tmp/testfailure.output + + + -- cgit v1.2.3