I have discovered a bug this morning on Windows using trunk as of [21d5038fd0]: 
the login mechanism is broken, because at some point it relies on the IP 
address being in the cookie, but the WSAAddressToString() Windows function 
which had to be used in winhttp.c for backward compatibility down to XP also 
outputs the port number. In addition, facing an IPv6 address, let's say ::1, it 
creates a string as [::1]:12345 (12345 being the port in this sample). This 
breaks the login mechanism.

Here is an easy fix based on [21d5038fd0], tested with msvc 2017 and MinGW.
It works by zeroing the port number of the remote address before converting to 
string. With port set to 0, WSAAddressToString stops appending the port number 
to the string.

So ::1 stays ::1 and not [::1]:12345

The login mechanism works again after this.

Index: src/winhttp.c
==================================================================
--- src/winhttp.c
+++ src/winhttp.c
@@ -190,10 +190,11 @@
   /*
   ** The repository name is only needed if there was no open checkout.  This
   ** is designed to allow the open checkout for the interactive user to work
   ** with the local Fossil server started via the "ui" command.
   */
+  p->addr.sin6_port = 0;
   if( WSAAddressToStringA((SOCKADDR*)&p->addr, sizeof(p->addr),
                           NULL, zIp, &nIp)!=0 ){
     zIp[0] = 0;
   }
   if( (p->flags & HTTP_SERVER_HAD_CHECKOUT)==0 ){
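Review bot: The new `p->addr.sin6_port = 0;` line has no comment and sits directly under the block comment about the repository name, so that comment now reads as if it described the port assignment rather than the `HTTP_SERVER_HAD_CHECKOUT` test further down. Add a one-line comment saying the port is cleared so that WSAAddressToStringA emits the bare address, and move the assignment above the existing comment or move that comment down to the `if` it belongs to. The assignment also overwrites the port stored in `p->addr` itself; if anything later reads the peer port from that structure it will see 0, so converting from a local copy of the address with the port cleared would be safer. The failure branch still leaves `zIp` empty, which is worth keeping in mind because this string feeds the login cookie check.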
@@ -277,10 +278,11 @@
     if( got<=0 ) break;
     fwrite(zHdr, 1, got, out);
     wanted += got;
   }
   assert( g.zRepositoryName && g.zRepositoryName[0] );
+  p->addr.sin6_port = 0;
   if (WSAAddressToStringA((SOCKADDR*)&p->addr, sizeof(p->addr),
                           NULL, zIp, &nIp)!=0){
     zIp[0] = 0;
   }
   sqlite3_snprintf(sizeof(zCmd), zCmd,
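Review bot: The same pair of statements (`p->addr.sin6_port = 0;` followed by the WSAAddressToStringA call with the `zIp[0] = 0;` fallback) is now duplicated from the earlier hunk, again without a comment explaining why the port is cleared. Consider factoring the port clearing and conversion into one small static helper that both call sites use, so the explanation lives in one place and the two conversions cannot drift apart if the address handling changes again. As in the first hunk, the write goes to `p->addr` directly rather than to a copy, so the original port is lost for any later use of the structure.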


-- 
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Olivier Mascia


_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users