### Basic information Background: https://github.com/foxyproxy/firefox-extension/issues/212 Steps to Reproduce: 1. Add a user in linux system , change it's password to non-ASCII chars. 2. Configure a `dante` socks proxy 3. Install Addon `FoxyProxy` and configure proxy to `dante` socks proxy with user and its passowrd 4. use socat as mitm to observe socks5 traffic. Expected Results: Proxy works, webpage opened. Actual Results: Proxy refused to connect due to wrong password. ------------------------------ Some analysis: https://github.com/foxyproxy/firefox-extension/issues/212#issuecomment-1719690377 > Some further digging: >After this line https://searchfox.org/mozilla-central/source/toolkit/components/extensions/ProxyChannelFilter.sys.mjs#232 , the password in proxyInfo is changed from "你好" to "`}" >I guess that when passing from JavaScript to c , password (in type ACString) is treat as narrow string , but underlying wide string. >I just do a test , set host to "你好" in foxy and then proxyInfo.host is just the same , because its type is AUTF8String so the JavaScript to c conversion is correct. >Ref https://searchfox.org/mozilla-central/source/netwerk/base/nsIProtocolProxyService.idl#194 >Ref https://firefox-source-docs.mozilla.org/xpcom/stringguide.html >Not sure if changing idl will fix this "https://searchfox.org/mozilla-central/source/`__GENERATED__`/dist/include/nsIProtocolProxyService.h#102-103" ```c /* nsIProxyInfo newProxyInfoWithAuth (in ACString aType, in AUTF8String aHost, in long aPort, in ACString aUsername, in ACString aPassword, in ACString aProxyAuthorizationHeader, in ACString aConnectionIsolationKey, in unsigned long aFlags, in unsigned long aFailoverTimeout, in nsIProxyInfo aFailoverProxy); */ NS_IMETHOD NewProxyInfoWithAuth(const nsACString& aType, const nsACString& aHost, int32_t aPort, const nsACString& aUsername, const nsACString& aPassword, const nsACString& aProxyAuthorizationHeader, const nsACString& aConnectionIsolationKey, uint32_t aFlags, uint32_t aFailoverTimeout, nsIProxyInfo *aFailoverProxy, nsIProxyInfo **_retval) = 0; ``` > in idl host is AUTF8String , but in c definition it is also nsACString. > So i guess change username/password in idl from ACString to AUTF8String would help ? ------------- I tested a build of firefox with change username/password in idl from ACString to AUTF8String would help and **it helps**. --------------- Example dante conf file /etc/sockd.conf ``` socksmethod: username clientmethod: none user.privileged: root user.unprivileged: root internal: 0.0.0.0 port = 8888 external: ens33 client pass { from: 0.0.0.0/0 to: 0.0.0.0/0 } socks pass { from: 0.0.0.0/0 to: 0.0.0.0/0 } ``` run dante with `sudo sockd` socat mitm: `socat -x -v -d TCP4-LISTEN:6666,fork,reuseaddr TCP4:127.0.0.1:8888` configure foxyyproxy to socks5 , host: 127.0.0.1 port 6666
Bug 1853203 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
### Basic information Background: https://github.com/foxyproxy/firefox-extension/issues/212 Steps to Reproduce: 1. Add a user in linux system , change it's password to non-ASCII chars. 2. Configure a `dante` socks proxy 3. Install Addon `FoxyProxy` and configure proxy to `dante` socks proxy with user and its passowrd 4. use socat as mitm to observe socks5 traffic. Expected Results: Proxy works, webpage opened. Actual Results: Proxy refused to connect due to wrong password. ------------------------------ Some analysis: https://github.com/foxyproxy/firefox-extension/issues/212#issuecomment-1719690377 > Some further digging: >After this line https://searchfox.org/mozilla-central/source/toolkit/components/extensions/ProxyChannelFilter.sys.mjs#232 , the password in proxyInfo is changed from "你好" to "`}" >I guess that when passing from JavaScript to c , password (in type ACString) is treat as narrow string , but underlying wide string. >I just do a test , set host to "你好" in foxy and then proxyInfo.host is just the same , because its type is AUTF8String so the JavaScript to c conversion is correct. >Ref https://searchfox.org/mozilla-central/source/netwerk/base/nsIProtocolProxyService.idl#194 >Ref https://firefox-source-docs.mozilla.org/xpcom/stringguide.html >Not sure if changing idl will fix this "https://searchfox.org/mozilla-central/source/`__GENERATED__`/dist/include/nsIProtocolProxyService.h#102-103" ```c /* nsIProxyInfo newProxyInfoWithAuth (in ACString aType, in AUTF8String aHost, in long aPort, in ACString aUsername, in ACString aPassword, in ACString aProxyAuthorizationHeader, in ACString aConnectionIsolationKey, in unsigned long aFlags, in unsigned long aFailoverTimeout, in nsIProxyInfo aFailoverProxy); */ NS_IMETHOD NewProxyInfoWithAuth(const nsACString& aType, const nsACString& aHost, int32_t aPort, const nsACString& aUsername, const nsACString& aPassword, const nsACString& aProxyAuthorizationHeader, const nsACString& aConnectionIsolationKey, uint32_t aFlags, uint32_t aFailoverTimeout, nsIProxyInfo *aFailoverProxy, nsIProxyInfo **_retval) = 0; ``` > in idl host is AUTF8String , but in c definition it is also nsACString. > So i guess change username/password in idl from ACString to AUTF8String would help ? ------------- I tested a build of firefox with changing username/password in idl from ACString to AUTF8String and **it works**. --------------- Example dante conf file /etc/sockd.conf ``` socksmethod: username clientmethod: none user.privileged: root user.unprivileged: root internal: 0.0.0.0 port = 8888 external: ens33 client pass { from: 0.0.0.0/0 to: 0.0.0.0/0 } socks pass { from: 0.0.0.0/0 to: 0.0.0.0/0 } ``` run dante with `sudo sockd` socat mitm: `socat -x -v -d TCP4-LISTEN:6666,fork,reuseaddr TCP4:127.0.0.1:8888` configure foxyyproxy to socks5 , host: 127.0.0.1 port 6666