=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ftp/fetch.c,v retrieving revision 1.189 retrieving revision 1.190 diff -c -r1.189 -r1.190 *** src/usr.bin/ftp/fetch.c 2020/02/13 15:54:10 1.189 --- src/usr.bin/ftp/fetch.c 2020/02/19 07:29:53 1.190 *************** *** 1,4 **** ! /* $OpenBSD: fetch.c,v 1.189 2020/02/13 15:54:10 jca Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- --- 1,4 ---- ! /* $OpenBSD: fetch.c,v 1.190 2020/02/19 07:29:53 yasuoka Exp $ */ /* $NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $ */ /*- *************** *** 316,322 **** struct addrinfo hints, *res0, *res; const char *savefile; char *proxyurl = NULL; ! char *credentials = NULL; int fd = -1, out = -1; volatile sig_t oldintr, oldinti; FILE *fin = NULL; --- 316,322 ---- struct addrinfo hints, *res0, *res; const char *savefile; char *proxyurl = NULL; ! char *credentials = NULL, *proxy_credentials = NULL; int fd = -1, out = -1; volatile sig_t oldintr, oldinti; FILE *fin = NULL; *************** *** 399,405 **** * contain the path. Basic auth from RFC 2617, valid * characters for path are in RFC 3986 section 3.3. */ ! if (proxyenv == NULL && (ishttpurl || ishttpsurl)) { if ((p = strchr(host, '@')) != NULL) { *p = '\0'; credentials = recode_credentials(host); --- 399,405 ---- * contain the path. Basic auth from RFC 2617, valid * characters for path are in RFC 3986 section 3.3. */ ! if (ishttpurl || ishttpsurl) { if ((p = strchr(host, '@')) != NULL) { *p = '\0'; credentials = recode_credentials(host); *************** *** 471,477 **** warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } ! credentials = recode_credentials(host); *path = '@'; /* restore @ in proxyurl */ /* --- 471,477 ---- warnx("Malformed proxy URL: %s", proxyenv); goto cleanup_url_get; } ! 
proxy_credentials = recode_credentials(host); *path = '@'; /* restore @ in proxyurl */ /* *************** *** 615,621 **** #ifndef NOSSL if (proxyenv && sslhost) ! proxy_connect(fd, sslhost, credentials); #endif /* !NOSSL */ break; } --- 615,621 ---- #ifndef NOSSL if (proxyenv && sslhost) ! proxy_connect(fd, sslhost, proxy_credentials); #endif /* !NOSSL */ break; } *************** *** 707,724 **** * Host: directive must use the destination host address for * the original URI (path). */ if (credentials) ! ftp_printf(fin, "GET %s HTTP/1.1\r\n" ! "Connection: close\r\n" ! "Proxy-Authorization: Basic %s\r\n" ! "Host: %s\r\n%s%s\r\n\r\n", ! epath, credentials, ! proxyhost, buf ? buf : "", httpuseragent); ! else ! ftp_printf(fin, "GET %s HTTP/1.1\r\n" ! "Connection: close\r\n" ! "Host: %s\r\n%s%s\r\n\r\n", ! epath, proxyhost, buf ? buf : "", httpuseragent); } else { if (verbose) fprintf(ttyout, "Requesting %s\n", origline); --- 707,723 ---- * Host: directive must use the destination host address for * the original URI (path). */ + ftp_printf(fin, "GET %s HTTP/1.1\r\n" + "Connection: close\r\n" + "Host: %s\r\n%s%s\r\n", + epath, proxyhost, buf ? buf : "", httpuseragent); if (credentials) ! ftp_printf(fin, "Authorization: Basic %s\r\n", ! credentials); ! if (proxy_credentials) ! ftp_printf(fin, "Proxy-Authorization: Basic %s\r\n", ! proxy_credentials); ! ftp_printf(fin, "\r\n"); } else { if (verbose) fprintf(ttyout, "Requesting %s\n", origline); *************** *** 1117,1122 **** --- 1116,1122 ---- free(proxyurl); free(newline); free(credentials); + free(proxy_credentials); return (rval); } *************** *** 1698,1704 **** { int l; char buf[1024]; ! char *connstr, *hosttail, *port; if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL && (hosttail[1] == '\0' || hosttail[1] == ':')) { --- 1698,1705 ---- { int l; char buf[1024]; ! char *connstr, *hosttail, *port, *crlf; ! 
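Review bot: In the proxied GET hunk (new lines 707-723) the two `ftp_printf` calls that emit `Authorization` and `Proxy-Authorization` have no comment saying which secret is meant for which party, and the comment above them only covers `Host:`. The commit exists because those two were conflated, so I would add above the pair something like `/* credentials: userinfo from the request URL, for the origin server; proxy_credentials: userinfo from the proxy URL, for the proxy only */`. If `ftp_printf` mirrors its output to the terminal in debug mode (not visible in this hunk), both Basic values would also be echoed there and may need masking. The enclosing function starts and ends outside the hunk.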
ssize_t sz; if (*host == '[' && (hosttail = strrchr(host, ']')) != NULL && (hosttail[1] == '\0' || hosttail[1] == ':')) { *************** *** 1730,1736 **** #endif /* !SMALL */ if (write(socket, connstr, l) != l) err(1, "Could not send connect string"); ! read(socket, &buf, sizeof(buf)); /* only proxy header XXX: error handling? */ free(connstr); return(200); } --- 1731,1752 ---- #endif /* !SMALL */ if (write(socket, connstr, l) != l) err(1, "Could not send connect string"); ! sz = read(socket, &buf, sizeof(buf) - 1); ! if (sz < 0) ! err(1, "Failed to receive response from proxy"); ! /* XXX should not assume we could read entire response at once. */ ! buf[sz] = '\0'; ! if ((strncmp(buf, "HTTP/1.0 ", 9) != 0 && ! strncmp(buf, "HTTP/1.1 ", 9) != 0) || ! (crlf = strstr(buf, "\r\n")) == NULL) ! errx(1, "Could not parse received response from proxy"); ! *crlf = '\0'; ! if (strncmp(buf + 9, "200 ", 4) != 0) ! errx(1, "CONNECT command on proxy failed: %s", buf + 9); ! *crlf = '\r'; /* revert CR */ ! if ((crlf = strstr(buf, "\r\n\r\n")) == NULL) ! errx(1, "Could not read the end of response from proxy"); ! free(connstr); return(200); }
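Review bot: In proxy_connect (new lines 1731-1752) one `read()` is treated as the entire proxy reply, so a proxy that delivers its headers in more than one segment, or sends more than 1023 bytes of headers, now ends in `errx(1, "Could not read the end of response from proxy")` where the old code carried on. The XXX comment admits this but leaves it in place. Reading in a loop until `\r\n\r\n` is seen or the buffer is full keeps the new status checks and removes the dependence on segmentation, as sketched below. Separately, the failure message hands `buf + 9`, bytes chosen by the proxy, to `errx` unfiltered, so control characters can reach the terminal; encoding them first (for example with `strnvis`) would avoid that. The start of the function lies outside the hunk.

```c
	size_t off = 0;
	/* … unchanged: connect string built and written to the proxy … */
	/* Accumulate until the blank line that ends the header block. */
	do {
		sz = read(socket, buf + off, sizeof(buf) - 1 - off);
		if (sz < 0)
			err(1, "Failed to receive response from proxy");
		if (sz == 0)
			errx(1, "Could not read the end of response from proxy");
		off += (size_t)sz;
		buf[off] = '\0';
	} while (strstr(buf, "\r\n\r\n") == NULL && off < sizeof(buf) - 1);
	/* … unchanged: HTTP version, status-line and "\r\n\r\n" checks … */
```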