Jiiiiiiiiiiiiiiiiiiiiiiiiiiiiiim
On Tue, Jul 24, 2018 at 6:13 PM, Denys Vlasenko <[email protected]> wrote: > On Sun, Jul 15, 2018 at 4:42 PM, Denys Vlasenko > <[email protected]> wrote: >> On Fri, Jul 6, 2018 at 3:46 PM, Jim Knopf <[email protected]> wrote: >>> Hello list, >>> >>> >>> the httpd applet's proxy feature has glitches. The promise is, quote >>> >>> P:/url:[http://]hostname[:port]/new/path >>> # When /urlXXXXXX is requested, reverse proxy >>> # it to http://hostname[:port]/new/pathXXXXXX >>> >>> urlcopy is not a true copy anymore when it is fdprint'ed to proxy_fd, >>> this is because percent_decode_in_place() is called after the copy >>> is created. >>> >>> Not fixing this breaks reverse proxying all URIs containing percent >>> encoded spaces, e.g. - because a decoded URI will be printed out >>> to proxy_fd instead of the original. >>> >>> The fix keeps the logic in place to canonicalize the uri first, before >>> reverse proxying (one could argue that the uri should be proxied >>> completely unaltered, except for the prefix rewrite), but percent >>> (re-)encodes the (canonicalized) string before it is used. >>> >>> Please find attached patch that is tried and tested to work. >> >> Uh... this looks really not nice... can you test the following approach >> to this problem? Basically, do not percent-decode if proxy matches: >> >> --- a/networking/httpd.c >> +++ b/networking/httpd.c >> @@ -2184,13 +2184,21 @@ static void handle_incoming_and_exit(const >> len_and_sockaddr *fromAddr) >> g_query = tptr; >> } >> >> - /* Decode URL escape sequences */ >> - tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1); >> - if (tptr == NULL) >> - send_headers_and_exit(HTTP_BAD_REQUEST); >> - if (tptr == urlcopy + 1) { >> - /* '/' or NUL is encoded */ >> - send_headers_and_exit(HTTP_NOT_FOUND); >> +#if ENABLE_FEATURE_HTTPD_PROXY >> + proxy_entry = find_proxy_entry(urlcopy); >> + if (proxy_entry) >> + header_buf = header_ptr = xmalloc(IOBUF_SIZE); >> + else >> +#endif >> + { >> + /* Decode URL escape sequences */ >> + tptr = percent_decode_in_place(urlcopy, /*strict:*/ 1); >> + if (tptr == NULL) >> + send_headers_and_exit(HTTP_BAD_REQUEST); >> + if (tptr == urlcopy + 1) { >> + /* '/' or NUL is encoded */ >> + send_headers_and_exit(HTTP_NOT_FOUND); >> + } >> } >> >> /* Canonicalize path */ >> @@ -2252,12 +2260,6 @@ static void handle_incoming_and_exit(const >> len_and_sockaddr *fromAddr) >> *tptr = '/'; >> } >> >> -#if ENABLE_FEATURE_HTTPD_PROXY >> - proxy_entry = find_proxy_entry(urlcopy); >> - if (proxy_entry) >> - header_buf = header_ptr = xmalloc(IOBUF_SIZE); >> -#endif >> - >> if (http_major_version >= '0') { >> /* Request was with "... HTTP/nXXX", and n >= 0 */ > > > Jim, is it working for you? _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
