From 91d1215d5b4fbeec1abdd7db4d15ce9192d4e022 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=CE=A3rebe=20-=20Romain=20GERARD?= <erebe@erebe.eu>
Date: Thu, 9 Nov 2023 17:18:38 +0100
Subject: [PATCH] fix(proxy): url decode password of http proxy

---
 Cargo.lock           | 7 +++++++
 Cargo.toml           | 1 +
 src/tcp.rs           | 2 ++
 src/tunnel/client.rs | 4 +++-
 4 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/Cargo.lock b/Cargo.lock
index e942125..a40648b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1468,6 +1468,12 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "urlencoding"
+version = "2.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da"
+
 [[package]]
 name = "utf-8"
 version = "0.7.6"
@@ -1640,6 +1646,7 @@ dependencies = [
  "tracing",
  "tracing-subscriber",
  "url",
+ "urlencoding",
  "uuid",
 ]
 
diff --git a/Cargo.toml b/Cargo.toml
index b72dcf7..2de4a56 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -23,6 +23,7 @@ jsonwebtoken = { version = "9.1.0",  default-features = false }
 rustls-pemfile = { version = "1.0.3", features = [] }
 bytes = { version = "1.5.0", features = [] }
 parking_lot = "0.12.1"
+urlencoding = "2.1.3"
 
 rustls-native-certs = { version = "0.6.3", features = [] }
 tokio = { version = "1.33.0", features = ["full"] }
diff --git a/src/tcp.rs b/src/tcp.rs
index 3403a92..f4ceed9 100644
--- a/src/tcp.rs
+++ b/src/tcp.rs
@@ -112,6 +112,8 @@ pub async fn connect_with_http_proxy(
     info!("Connected to http proxy {}:{}", proxy_host, proxy_port);
 
     let authorization = if let Some((user, password)) = proxy.password().map(|p| (proxy.username(), p)) {
+        let password =
+            urlencoding::decode(password).with_context(|| format!("Cannot urldecode proxy password: {}", password))?;
         let creds = base64::engine::general_purpose::STANDARD.encode(format!("{}:{}", user, password));
         format!("Proxy-Authorization: Basic {}\r\n", creds)
     } else {
diff --git a/src/tunnel/client.rs b/src/tunnel/client.rs
index 96a202a..745fa7d 100644
--- a/src/tunnel/client.rs
+++ b/src/tunnel/client.rs
@@ -102,7 +102,9 @@ where
 
     // Forward local tx to websocket tx
     let ping_frequency = client_cfg.websocket_ping_frequency;
-    tokio::spawn(super::io::propagate_read(local_rx, ws_tx, close_tx, Some(ping_frequency)).instrument(Span::current()));
+    tokio::spawn(
+        super::io::propagate_read(local_rx, ws_tx, close_tx, Some(ping_frequency)).instrument(Span::current()),
+    );
 
     // Forward websocket rx to local rx
     let _ = super::io::propagate_write(local_tx, ws_rx, close_rx).await;