Bugfix for httpd proxy feature

[Denys Vlasenko]

On Fri, Jul 6, 2018 at 3:46 PM, Jim Knopf <osm-berlin at firemail.de> wrote:
> Hello list,
>
>
> the httpd applet's proxy feature has glitches. The promise is, quote
>
> P:/url:[http://]hostname[:port]/new/path
> # When /urlXXXXXX is requested, reverse proxy
> # it to http://hostname[:port]/new/pathXXXXXX
>
> urlcopy is not a true copy anymore when it is fdprint'ed to proxy_fd,
> this is because percent_decode_in_place() is called after the copy
> is created.
>
> Not fixing this breaks reverse proxying all URIs containing percent
> encoded spaces, e.g. - because a decoded URI will be printed out
> to proxy_fd instead of the original.
>
> The fix keeps the logic in place to canonicalize the uri first, before
> reverse proxying (one could argue that the uri should be proxied
> completely unaltered, except for the prefix rewrite), but percent
> (re-)encodes the (canonicalized) string before it is used.
>
> Please find attached patch that is tried and tested to work.

Uh... this looks really not nice... can you test the following approach
to this problem? Basically, do not percent-decode if proxy matches:

--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2184,13 +2184,21 @@ static void handle_incoming_and_exit(const
len_and_sockaddr *fromAddr)
                g_query = tptr;
        }

-       /* Decode URL escape sequences */
-       tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1);
-       if (tptr == NULL)
-               send_headers_and_exit(HTTP_BAD_REQUEST);
-       if (tptr == urlcopy + 1) {
-               /* '/' or NUL is encoded */
-               send_headers_and_exit(HTTP_NOT_FOUND);
+#if ENABLE_FEATURE_HTTPD_PROXY
+       proxy_entry = find_proxy_entry(urlcopy);
+       if (proxy_entry)
+               header_buf = header_ptr = xmalloc(IOBUF_SIZE);
+       else
+#endif
+       {
+               /* Decode URL escape sequences */
+               tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1);
+               if (tptr == NULL)
+                       send_headers_and_exit(HTTP_BAD_REQUEST);
+               if (tptr == urlcopy + 1) {
+                       /* '/' or NUL is encoded */
+                       send_headers_and_exit(HTTP_NOT_FOUND);
+               }
        }

        /* Canonicalize path */
@@ -2252,12 +2260,6 @@ static void handle_incoming_and_exit(const
len_and_sockaddr *fromAddr)
                *tptr = '/';
        }

-#if ENABLE_FEATURE_HTTPD_PROXY
-       proxy_entry = find_proxy_entry(urlcopy);
-       if (proxy_entry)
-               header_buf = header_ptr = xmalloc(IOBUF_SIZE);
-#endif
-
        if (http_major_version >= '0') {
                /* Request was with "... HTTP/nXXX", and n >= 0 */