On Sun, Jul 15, 2018 at 4:42 PM, Denys Vlasenko <[email protected]> wrote: > On Fri, Jul 6, 2018 at 3:46 PM, Jim Knopf <[email protected]> wrote: >> Hello list, >> >> >> the httpd applet's proxy feature has glitches. The promise is, quote >> >> P:/url:[http://]hostname[:port]/new/path >> # When /urlXXXXXX is requested, reverse proxy >> # it to http://hostname[:port]/new/pathXXXXXX >> >> urlcopy is not a true copy anymore when it is fdprint'ed to proxy_fd, >> this is because percent_decode_in_place() is called after the copy >> is created. >> >> Not fixing this breaks reverse proxying all URIs containing percent >> encoded spaces, e.g. - because a decoded URI will be printed out >> to proxy_fd instead of the original. >> >> The fix keeps the logic in place to canonicalize the uri first, before >> reverse proxying (one could argue that the uri should be proxied >> completely unaltered, except for the prefix rewrite), but percent >> (re-)encodes the (canonicalized) string before it is used. >> >> Please find attached patch that is tried and tested to work. > > Uh... this looks really not nice... can you test the following approach > to this problem? Basically, do not percent-decode if proxy matches: > > --- a/networking/httpd.c > +++ b/networking/httpd.c > @@ -2184,13 +2184,21 @@ static void handle_incoming_and_exit(const > len_and_sockaddr *fromAddr) > g_query = tptr; > } > > - /* Decode URL escape sequences */ > - tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1); > - if (tptr == NULL) > - send_headers_and_exit(HTTP_BAD_REQUEST); > - if (tptr == urlcopy + 1) { > - /* '/' or NUL is encoded */ > - send_headers_and_exit(HTTP_NOT_FOUND); > +#if ENABLE_FEATURE_HTTPD_PROXY > + proxy_entry = find_proxy_entry(urlcopy); > + if (proxy_entry) > + header_buf = header_ptr = xmalloc(IOBUF_SIZE); > + else > +#endif > + { > + /* Decode URL escape sequences */ > + tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1); > + if (tptr == NULL) > + send_headers_and_exit(HTTP_BAD_REQUEST); > + if (tptr == urlcopy + 1) { > + /* '/' or NUL is encoded */ > + send_headers_and_exit(HTTP_NOT_FOUND); > + } > } > > /* Canonicalize path */ > @@ -2252,12 +2260,6 @@ static void handle_incoming_and_exit(const > len_and_sockaddr *fromAddr) > *tptr = '/'; > } > > -#if ENABLE_FEATURE_HTTPD_PROXY > - proxy_entry = find_proxy_entry(urlcopy); > - if (proxy_entry) > - header_buf = header_ptr = xmalloc(IOBUF_SIZE); > -#endif > - > if (http_major_version >= '0') { > /* Request was with "... HTTP/nXXX", and n >= 0 */
Jim, is it working for you? _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
