Two related issues in the HTTP CONNECT proxy backend that together break
authenticated proxies whose user-id or password contains any non-alphanumeric
character. This is common with proxies that pack session info into the
user-id (for example a placeholder pair like `alice-foo:p_word` has both
problematic characters).
1. `credentials.to_string()` was used to build the Basic-auth header.
`UserKey::Display` percent-encodes the pair with the `NON_ALPHANUMERIC`
charset, so `alice-foo` becomes `alice%2Dfoo`, the b64 carries that
mangled string, the proxy cannot recover the original credentials and
answers with `407 Proxy Authentication Required`. RFC 7617 requires the
`user-id ":" password` pair to be base64-encoded verbatim, so the fix
reads the raw fields directly via a new `basic_auth_header_value`
helper that both `send_auth_data` and the regression test call.
2. The 407 handler then walked into a panic on `auth_data[..6]` when the
proxy answered with `Proxy-Authenticate: Basic` (5 bytes, no realm),
a perfectly legal short value. The unchecked slice killed the tokio
worker, the supervisor kept respawning it, and the surrounding
`Bad credentials` error path was never reached. A bounded
`slice::get(..6)` via a small `is_digest_scheme` helper makes the
classification total; the helper is shared with the regression test.
Also fixes a small typo (`datails` -> `details`) in the adjacent error
message.
Signed-off-by: DL6ER <[email protected]>
- Add CancellationToken parameter to `UdpGwClient::heartbeat_task` and make sleep cancellation-aware
- Update `process_socket_requests` to accept a CancellationToken and exit when cancelled
- Pass shutdown token into spawned socket and heartbeat tasks and log errors from them
- Add start/exit log messages for heartbeat and socket request handlers
Dominik
DL6ER
ssrlive
Alexander Olkhovoy
dependabot[bot]
Megatron King
B. Blechschmidt
Koi to Coco
Paper-Dragon