http proxy executable bug fix

Moderator: Project members

Post Reply
Message
Author
cmontiers
500 Command not understood
Posts: 1
Joined: 2015-02-22 18:46
First name: Carlos
Last name: Montiers

http proxy executable bug fix

#1 Post by cmontiers » 2015-02-22 19:34

Hello.
Filezilla client 3.10.1.1 and 3.10.2-rc1 have a bug when you use generic proxy HTTP/1.1 using CONNECT method. It always send Proxy-Authorization: Basic header, even if you not provide a user, thus if the proxy not use user and password, it fails.

I see the code under src\engine\proxy.cpp and seems correct, on function: int CProxySocket::Handshake
always the "challenge" variable is initialized.

If the user is empty, "challenge" is initialized to NULL or in the code:

Code: Select all

(size_t)0;
The bug is in the executable, maybe because use optimization -O2 in the compiler.

I patched the executable.

For patch you need replace few bytes:

This is the file httpproxy-patch.txt :

httpproxy-patch.txt

Code: Select all

# Patch for Filezilla client 3.10.1.1
# Fixes problem using option Generic proxy: HTTP/1.1 using CONNECT method
# The "Proxy-Authorization: Basic" header was sent even if a user is not provided.
# patch by Carlos Montiers Aguilera
File: filezilla.exe
297C4E: 31C0528B55D089025A90E936        [ C785B0FEFFFF17000000E93F ]
For patch it you need the utility bwpatchw.exe from here:

Code: Select all

http://adoxa.altervista.org/misc/dl.php?f=bwpatch-w

This is a example of the patching under windows:

Code: Select all

bwpatchw.exe filezilla.exe -f httpproxy-patch.txt
Also you can replace the hexadecimal bytes

Code: Select all

C785B0FEFFFF17000000E93F
with

Code: Select all

31C0528B55D089025A90E936
at offset

Code: Select all

297C4E
using a hexadecimal editor.

If you look the output of the fc command you will look this:

Code: Select all

C:\patch>fc/B "C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe" C:\patch\filezilla.exe
Comparing files C:\PROGRAM FILES (X86)\FILEZILLA FTP CLIENT\filezilla.exe and C:\PATCH\FILEZILLA.EXE
00297C4E: C7 31
00297C4F: 85 C0
00297C50: B0 52
00297C51: FE 8B
00297C52: FF 55
00297C53: FF D0
00297C54: 17 89
00297C55: 00 02
00297C56: 00 5A
00297C57: 00 90
00297C59: 3F 36

Carlos.
Last edited by cmontiers on 2015-02-23 12:09, edited 1 time in total.

User avatar
botg
Site Admin
Posts: 33119
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: proxy executable bug

#2 Post by botg » 2015-02-22 21:59

What about a patch to the source code?

Post Reply