Bugfix for httpd proxy feature
Denys Vlasenko
vda.linux at googlemail.com
Sun Jul 15 14:42:48 UTC 2018
On Fri, Jul 6, 2018 at 3:46 PM, Jim Knopf <osm-berlin at firemail.de> wrote:
> Hello list,
>
>
> the httpd applet's proxy feature has glitches. The promise is, quote
>
> P:/url:[http://]hostname[:port]/new/path
> # When /urlXXXXXX is requested, reverse proxy
> # it to http://hostname[:port]/new/pathXXXXXX
>
> urlcopy is not a true copy anymore when it is fdprint'ed to proxy_fd,
> this is because percent_decode_in_place() is called after the copy
> is created.
>
> Not fixing this breaks reverse proxying all URIs containing percent
> encoded spaces, e.g. - because a decoded URI will be printed out
> to proxy_fd instead of the original.
>
> The fix keeps the logic in place to canonicalize the uri first, before
> reverse proxying (one could argue that the uri should be proxied
> completely unaltered, except for the prefix rewrite), but percent
> (re-)encodes the (canonicalized) string before it is used.
>
> Please find attached patch that is tried and tested to work.
Uh... this looks really not nice... can you test the following approach
to this problem? Basically, do not percent-decode if proxy matches:
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -2184,13 +2184,21 @@ static void handle_incoming_and_exit(const
len_and_sockaddr *fromAddr)
g_query = tptr;
}
- /* Decode URL escape sequences */
- tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1);
- if (tptr == NULL)
- send_headers_and_exit(HTTP_BAD_REQUEST);
- if (tptr == urlcopy + 1) {
- /* '/' or NUL is encoded */
- send_headers_and_exit(HTTP_NOT_FOUND);
+#if ENABLE_FEATURE_HTTPD_PROXY
+ proxy_entry = find_proxy_entry(urlcopy);
+ if (proxy_entry)
+ header_buf = header_ptr = xmalloc(IOBUF_SIZE);
+ else
+#endif
+ {
+ /* Decode URL escape sequences */
+ tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1);
+ if (tptr == NULL)
+ send_headers_and_exit(HTTP_BAD_REQUEST);
+ if (tptr == urlcopy + 1) {
+ /* '/' or NUL is encoded */
+ send_headers_and_exit(HTTP_NOT_FOUND);
+ }
}
/* Canonicalize path */
@@ -2252,12 +2260,6 @@ static void handle_incoming_and_exit(const
len_and_sockaddr *fromAddr)
*tptr = '/';
}
-#if ENABLE_FEATURE_HTTPD_PROXY
- proxy_entry = find_proxy_entry(urlcopy);
- if (proxy_entry)
- header_buf = header_ptr = xmalloc(IOBUF_SIZE);
-#endif
-
if (http_major_version >= '0') {
/* Request was with "... HTTP/nXXX", and n >= 0 */
More information about the busybox
mailing list