Re: httpd: expand HTTP Host

[Reyk Floeter]

OK reyk - go for it

 Florian Obser :
> 
> This is OK florian@ or I can commit it if someone else OKs it.
> 
>> On Wed, Mar 15, 2017 at 05:55:35PM +, Rivo Nurges wrote:
>> Hi!
>> 
>> New simplified version of the patch.
>> 
>> Test results:
>> HTTP 1.1 with Host:
>> HTTP/1.0 301 Moved Permanently
>> Location: https://testhttp.int/
>> 
>> HTTP 1.0 with Host:
>> HTTP/1.0 301 Moved Permanently
>> Location: https://testhttp.int/
>> 
>> HTTP 1.1 without Host:
>> HTTP/1.0 400 Bad Request
>> 
>> HTTP 1.0 without Host:
>> HTTP/1.0 301 Moved Permanently
>> Location: https://10.10.10.10/
>> 
>> GET /:
>> HTTP/1.0 400 Bad Request
>> 
>> 
>> Rivo
>> 
>> Index: usr.sbin/httpd/server_http.c
>> ===
>> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
>> retrieving revision 1.115
>> diff -u -p -r1.115 server_http.c
>> --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 -1.115
>> +++ usr.sbin/httpd/server_http.c15 Mar 2017 17:51:14 -
>> @@ -1068,6 +1068,14 @@ server_expand_http(struct client *clt, c
>>if (ret != 0)
>>return (NULL);
>>}
>> +if (strstr(val, "$HTTP_HOST") != NULL) {
>> +if (desc->http_host == NULL)
>> +return (NULL);
>> +if ((str = url_encode(desc->http_host)) == NULL)
>> +return (NULL);
>> +expand_string(buf, len, "$HTTP_HOST", str);
>> +free(str);
>> +}
>>if (strstr(val, "$REMOTE_") != NULL) {
>>if (strstr(val, "$REMOTE_ADDR") != NULL) {
>>if (print_host(>clt_ss,
>> Index: usr.sbin/httpd/httpd.conf.5
>> ===
>> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
>> retrieving revision 1.79
>> diff -u -p -r1.79 httpd.conf.5
>> --- usr.sbin/httpd/httpd.conf.57 Feb 2017 12:27:42 -1.79
>> +++ usr.sbin/httpd/httpd.conf.515 Mar 2017 17:51:14 -
>> @@ -221,6 +221,8 @@ The configured IP address of the server.
>> The configured TCP server port of the server.
>> .It Ic $SERVER_NAME
>> The name of the server.
>> +.It Ic $HTTP_HOST
>> +The host from the HTTP Host header.
>> .It Pf % Ar n
>> The capture index
>> .Ar n
>> 
>> begin-base64 644 http_host.diff
>> SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
>> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
>> L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
>> b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
>> dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
>> ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTUgTWFyIDIwMTcgMTc6NTE6MTQgLTAwMDAKQEAg
>> LTEwNjgsNiArMTA2OCwxNCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
>> LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
>> dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
>> VUxMKQorCQkJcmV0dXJuIChOVUxMKTsKKwkJaWYgKChzdHIgPSB1cmxfZW5jb2RlKGRlc2MtPmh0
>> dHBfaG9zdCkpID09IE5VTEwpCisJCQlyZXR1cm4gKE5VTEwpOworCQlleHBhbmRfc3RyaW5nKGJ1
>> ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCWZyZWUoc3RyKTsKKwl9CiAJaWYgKHN0cnN0
>> cih2YWwsICIkUkVNT1RFXyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF
>> X0FERFIiKSAhPSBOVUxMKSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4
>> OiB1c3Iuc2Jpbi9odHRwZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09
>> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9z
>> cmMvdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5
>> CmRpZmYgLXUgLXAgLXIxLjc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQu
>> Y29uZi41CTcgRmViIDIwMTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQv
>> aHR0cGQuY29uZi41CTE1IE1hciAyMDE3IDE3OjUxOjE0IC0wMDAwCkBAIC0yMjEsNiArMjIxLDgg
>> QEAgVGhlIGNvbmZpZ3VyZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3Vy
>> ZWQgVENQIHNlcnZlciBwb3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBU
>> aGUgbmFtZSBvZiB0aGUgc2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20g
>> dGhlIEhUVFAgSG9zdCBoZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAog
>> LkFyIG4K
>>  
>> 
> 
> -- 
> I'm not entirely sure you are real.
> 

Re: httpd: expand HTTP Host

[Florian Obser]

This is OK florian@ or I can commit it if someone else OKs it.

On Wed, Mar 15, 2017 at 05:55:35PM +, Rivo Nurges wrote:
> Hi!
> 
> New simplified version of the patch.
> 
> Test results:
> HTTP 1.1 with Host:
> HTTP/1.0 301 Moved Permanently
> Location: https://testhttp.int/
> 
> HTTP 1.0 with Host:
> HTTP/1.0 301 Moved Permanently
> Location: https://testhttp.int/
> 
> HTTP 1.1 without Host:
> HTTP/1.0 400 Bad Request
> 
> HTTP 1.0 without Host:
> HTTP/1.0 301 Moved Permanently
> Location: https://10.10.10.10/
> 
> GET /:
> HTTP/1.0 400 Bad Request
> 
> 
> Rivo
> 
> Index: usr.sbin/httpd/server_http.c
> ===
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.115
> diff -u -p -r1.115 server_http.c
> --- usr.sbin/httpd/server_http.c  10 Mar 2017 21:06:43 -  1.115
> +++ usr.sbin/httpd/server_http.c  15 Mar 2017 17:51:14 -
> @@ -1068,6 +1068,14 @@ server_expand_http(struct client *clt, c
>   if (ret != 0)
>   return (NULL);
>   }
> + if (strstr(val, "$HTTP_HOST") != NULL) {
> + if (desc->http_host == NULL)
> + return (NULL);
> + if ((str = url_encode(desc->http_host)) == NULL)
> + return (NULL);
> + expand_string(buf, len, "$HTTP_HOST", str);
> + free(str);
> + }
>   if (strstr(val, "$REMOTE_") != NULL) {
>   if (strstr(val, "$REMOTE_ADDR") != NULL) {
>   if (print_host(>clt_ss,
> Index: usr.sbin/httpd/httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.79
> diff -u -p -r1.79 httpd.conf.5
> --- usr.sbin/httpd/httpd.conf.5   7 Feb 2017 12:27:42 -   1.79
> +++ usr.sbin/httpd/httpd.conf.5   15 Mar 2017 17:51:14 -
> @@ -221,6 +221,8 @@ The configured IP address of the server.
>  The configured TCP server port of the server.
>  .It Ic $SERVER_NAME
>  The name of the server.
> +.It Ic $HTTP_HOST
> +The host from the HTTP Host header.
>  .It Pf % Ar n
>  The capture index
>  .Ar n
> 
> begin-base64 644 http_host.diff
> SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
> L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
> b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
> dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
> ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTUgTWFyIDIwMTcgMTc6NTE6MTQgLTAwMDAKQEAg
> LTEwNjgsNiArMTA2OCwxNCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
> LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
> dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
> VUxMKQorCQkJcmV0dXJuIChOVUxMKTsKKwkJaWYgKChzdHIgPSB1cmxfZW5jb2RlKGRlc2MtPmh0
> dHBfaG9zdCkpID09IE5VTEwpCisJCQlyZXR1cm4gKE5VTEwpOworCQlleHBhbmRfc3RyaW5nKGJ1
> ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCWZyZWUoc3RyKTsKKwl9CiAJaWYgKHN0cnN0
> cih2YWwsICIkUkVNT1RFXyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF
> X0FERFIiKSAhPSBOVUxMKSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4
> OiB1c3Iuc2Jpbi9odHRwZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09
> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9z
> cmMvdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5
> CmRpZmYgLXUgLXAgLXIxLjc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQu
> Y29uZi41CTcgRmViIDIwMTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQv
> aHR0cGQuY29uZi41CTE1IE1hciAyMDE3IDE3OjUxOjE0IC0wMDAwCkBAIC0yMjEsNiArMjIxLDgg
> QEAgVGhlIGNvbmZpZ3VyZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3Vy
> ZWQgVENQIHNlcnZlciBwb3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBU
> aGUgbmFtZSBvZiB0aGUgc2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20g
> dGhlIEhUVFAgSG9zdCBoZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAog
> LkFyIG4K
>  
> 

-- 
I'm not entirely sure you are real.

Re: httpd: expand HTTP Host

[Rivo Nurges]

Hi!

New simplified version of the patch.

Test results:
HTTP 1.1 with Host:
HTTP/1.0 301 Moved Permanently
Location: https://testhttp.int/

HTTP 1.0 with Host:
HTTP/1.0 301 Moved Permanently
Location: https://testhttp.int/

HTTP 1.1 without Host:
HTTP/1.0 400 Bad Request

HTTP 1.0 without Host:
HTTP/1.0 301 Moved Permanently
Location: https://10.10.10.10/

GET /:
HTTP/1.0 400 Bad Request


Rivo

Index: usr.sbin/httpd/server_http.c
===
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.115
diff -u -p -r1.115 server_http.c
--- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 -  1.115
+++ usr.sbin/httpd/server_http.c15 Mar 2017 17:51:14 -
@@ -1068,6 +1068,14 @@ server_expand_http(struct client *clt, c
if (ret != 0)
return (NULL);
}
+   if (strstr(val, "$HTTP_HOST") != NULL) {
+   if (desc->http_host == NULL)
+   return (NULL);
+   if ((str = url_encode(desc->http_host)) == NULL)
+   return (NULL);
+   expand_string(buf, len, "$HTTP_HOST", str);
+   free(str);
+   }
if (strstr(val, "$REMOTE_") != NULL) {
if (strstr(val, "$REMOTE_ADDR") != NULL) {
if (print_host(>clt_ss,
Index: usr.sbin/httpd/httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.79
diff -u -p -r1.79 httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 -   1.79
+++ usr.sbin/httpd/httpd.conf.5 15 Mar 2017 17:51:14 -
@@ -221,6 +221,8 @@ The configured IP address of the server.
 The configured TCP server port of the server.
 .It Ic $SERVER_NAME
 The name of the server.
+.It Ic $HTTP_HOST
+The host from the HTTP Host header.
 .It Pf % Ar n
 The capture index
 .Ar n

begin-base64 644 http_host.diff
SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTUgTWFyIDIwMTcgMTc6NTE6MTQgLTAwMDAKQEAg
LTEwNjgsNiArMTA2OCwxNCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
VUxMKQorCQkJcmV0dXJuIChOVUxMKTsKKwkJaWYgKChzdHIgPSB1cmxfZW5jb2RlKGRlc2MtPmh0
dHBfaG9zdCkpID09IE5VTEwpCisJCQlyZXR1cm4gKE5VTEwpOworCQlleHBhbmRfc3RyaW5nKGJ1
ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCWZyZWUoc3RyKTsKKwl9CiAJaWYgKHN0cnN0
cih2YWwsICIkUkVNT1RFXyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF
X0FERFIiKSAhPSBOVUxMKSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4
OiB1c3Iuc2Jpbi9odHRwZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9z
cmMvdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5
CmRpZmYgLXUgLXAgLXIxLjc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQu
Y29uZi41CTcgRmViIDIwMTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQv
aHR0cGQuY29uZi41CTE1IE1hciAyMDE3IDE3OjUxOjE0IC0wMDAwCkBAIC0yMjEsNiArMjIxLDgg
QEAgVGhlIGNvbmZpZ3VyZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3Vy
ZWQgVENQIHNlcnZlciBwb3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBU
aGUgbmFtZSBvZiB0aGUgc2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20g
dGhlIEhUVFAgSG9zdCBoZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAog
LkFyIG4K
 

Re: httpd: expand HTTP Host

[Rivo Nurges]

Hi!

Sure. Should I create new patch?

Rivo

On 13/03/2017, 20:38, "Florian Obser"  wrote:

On Mon, Mar 13, 2017 at 06:22:50PM +, Rivo Nurges wrote:
> Hi!
> 
> Host header is mandatory for HTTP 1.1 requests and httpd will return
> 400 Bad request without it. With HTTP 1.0 requests I get 301 to the
> IP the httpd is running on.
> 

right, so the
if (desc->http_host == NULL) {
can't actually happen.

how about

+   if (desc->http_host == NULL)
+   return (NULL)
+ 
+   if ((str = url_encode(desc->http_host)) == NULL)
...

that would be OK by me

> Connected to 10.XXX
> Escape character is '^]'.
> GET / HTTP/1.0\r\n\r\n
> 
> HTTP/1.0 301 Moved Permanently
> Date: Mon, 13 Mar 2017 18:20:48 GMT
> Server: OpenBSD httpd
> Connection: close
> Content-Type: text/html
> Content-Length: 443
> Location: https://10.XXX/
> 
> Rivo
> 
> On 13/03/2017, 20:10, "Florian Obser"  wrote:
> 
> On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote:
> > Hi!
> > 
> > Following will add possibility to expand $HTTP_HOST to the HTTP
> > Host header in "block return".
> > 
> > In my setup I have relayd on port 443 and httpd on 80. This patch
> > allows me to redirect http(httpd) to https(relayd) without knowing
> > the host.
> > 
> > /etc/httpd.conf:
> > server "redirect" {
> >   listen on * port 80
> >   block return 301 "https://$HTTP_HOST$REQUEST_URI;
> > }
> > 
> > Rivo
> > 
> > Index: usr.sbin/httpd/server_http.c
> > ===
> > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> > retrieving revision 1.115
> > diff -u -p -r1.115 server_http.c
> > --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 -  
1.115
> > +++ usr.sbin/httpd/server_http.c11 Mar 2017 17:51:23 -
> > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c
> > if (ret != 0)
> > return (NULL);
> > }
> > +   if (strstr(val, "$HTTP_HOST") != NULL) {
> > +   if (desc->http_host == NULL) {
> > +   ret = expand_string(buf, len, "$HTTP_HOST", "");
> 
> This will not create a working redirect. Should we return 500 instead
> if there is no host header?
> 
> What is nginx doing in that case?
> 
> nginx has $http_host and $host, $host is assigned the host header and
> if that doesn't exist the server name. (Wouldn't help in your case
> since it would redirect to https://redirect/).
> 
> Other than this looks good.
> 
> > +   } else {
> > +   if ((str = url_encode(desc->http_host)) == NULL)
> > +   return (NULL);
> > +   ret = expand_string(buf, len, "$HTTP_HOST", 
str);
> > +   free(str);
> > +   }
> > +   if (ret != 0)
> > +   return (NULL);
> > +   }
> > if (strstr(val, "$REMOTE_") != NULL) {
> > if (strstr(val, "$REMOTE_ADDR") != NULL) {
> > if (print_host(>clt_ss,
> > Index: usr.sbin/httpd/httpd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> > retrieving revision 1.79
> > diff -u -p -r1.79 httpd.conf.5
> > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 -   
1.79
> > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 -
> > @@ -221,6 +221,8 @@ The configured IP address of the server.
> >  The configured TCP server port of the server.
> >  .It Ic $SERVER_NAME
> >  The name of the server.
> > +.It Ic $HTTP_HOST
> > +The host from the HTTP Host header.
> >  .It Pf % Ar n
> >  The capture index
> >  .Ar n
> > 
> > begin-base64 644 http_host.diff
> > 
SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
> > 
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
> > 
L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
> > 
b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
> > 
dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
> > 

Re: httpd: expand HTTP Host

[Florian Obser]

On Mon, Mar 13, 2017 at 06:22:50PM +, Rivo Nurges wrote:
> Hi!
> 
> Host header is mandatory for HTTP 1.1 requests and httpd will return
> 400 Bad request without it. With HTTP 1.0 requests I get 301 to the
> IP the httpd is running on.
> 

right, so the
if (desc->http_host == NULL) {
can't actually happen.

how about

+   if (desc->http_host == NULL)
+   return (NULL)
+ 
+   if ((str = url_encode(desc->http_host)) == NULL)
...

that would be OK by me

> Connected to 10.XXX
> Escape character is '^]'.
> GET / HTTP/1.0\r\n\r\n
> 
> HTTP/1.0 301 Moved Permanently
> Date: Mon, 13 Mar 2017 18:20:48 GMT
> Server: OpenBSD httpd
> Connection: close
> Content-Type: text/html
> Content-Length: 443
> Location: https://10.XXX/
> 
> Rivo
> 
> On 13/03/2017, 20:10, "Florian Obser"  wrote:
> 
> On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote:
> > Hi!
> > 
> > Following will add possibility to expand $HTTP_HOST to the HTTP
> > Host header in "block return".
> > 
> > In my setup I have relayd on port 443 and httpd on 80. This patch
> > allows me to redirect http(httpd) to https(relayd) without knowing
> > the host.
> > 
> > /etc/httpd.conf:
> > server "redirect" {
> >   listen on * port 80
> >   block return 301 "https://$HTTP_HOST$REQUEST_URI;
> > }
> > 
> > Rivo
> > 
> > Index: usr.sbin/httpd/server_http.c
> > ===
> > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> > retrieving revision 1.115
> > diff -u -p -r1.115 server_http.c
> > --- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 -  
> 1.115
> > +++ usr.sbin/httpd/server_http.c11 Mar 2017 17:51:23 -
> > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c
> > if (ret != 0)
> > return (NULL);
> > }
> > +   if (strstr(val, "$HTTP_HOST") != NULL) {
> > +   if (desc->http_host == NULL) {
> > +   ret = expand_string(buf, len, "$HTTP_HOST", "");
> 
> This will not create a working redirect. Should we return 500 instead
> if there is no host header?
> 
> What is nginx doing in that case?
> 
> nginx has $http_host and $host, $host is assigned the host header and
> if that doesn't exist the server name. (Wouldn't help in your case
> since it would redirect to https://redirect/).
> 
> Other than this looks good.
> 
> > +   } else {
> > +   if ((str = url_encode(desc->http_host)) == NULL)
> > +   return (NULL);
> > +   ret = expand_string(buf, len, "$HTTP_HOST", 
> str);
> > +   free(str);
> > +   }
> > +   if (ret != 0)
> > +   return (NULL);
> > +   }
> > if (strstr(val, "$REMOTE_") != NULL) {
> > if (strstr(val, "$REMOTE_ADDR") != NULL) {
> > if (print_host(>clt_ss,
> > Index: usr.sbin/httpd/httpd.conf.5
> > ===
> > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> > retrieving revision 1.79
> > diff -u -p -r1.79 httpd.conf.5
> > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 -   1.79
> > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 -
> > @@ -221,6 +221,8 @@ The configured IP address of the server.
> >  The configured TCP server port of the server.
> >  .It Ic $SERVER_NAME
> >  The name of the server.
> > +.It Ic $HTTP_HOST
> > +The host from the HTTP Host header.
> >  .It Pf % Ar n
> >  The capture index
> >  .Ar n
> > 
> > begin-base64 644 http_host.diff
> > 
> SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
> > 
> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
> > 
> L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
> > 
> b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
> > 
> dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
> > 
> ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg
> > 
> LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
> > 
> LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
> > 
> dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
> > 
> VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi
> > 
> KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp
> > 
> 

Re: httpd: expand HTTP Host

[Rivo Nurges]

Hi!

Host header is mandatory for HTTP 1.1 requests and httpd will return
400 Bad request without it. With HTTP 1.0 requests I get 301 to the
IP the httpd is running on.

Connected to 10.XXX
Escape character is '^]'.
GET / HTTP/1.0\r\n\r\n

HTTP/1.0 301 Moved Permanently
Date: Mon, 13 Mar 2017 18:20:48 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 443
Location: https://10.XXX/

Rivo

On 13/03/2017, 20:10, "Florian Obser"  wrote:

On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote:
> Hi!
> 
> Following will add possibility to expand $HTTP_HOST to the HTTP
> Host header in "block return".
> 
> In my setup I have relayd on port 443 and httpd on 80. This patch
> allows me to redirect http(httpd) to https(relayd) without knowing
> the host.
> 
> /etc/httpd.conf:
> server "redirect" {
>   listen on * port 80
>   block return 301 "https://$HTTP_HOST$REQUEST_URI;
> }
> 
> Rivo
> 
> Index: usr.sbin/httpd/server_http.c
> ===
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.115
> diff -u -p -r1.115 server_http.c
> --- usr.sbin/httpd/server_http.c  10 Mar 2017 21:06:43 -  1.115
> +++ usr.sbin/httpd/server_http.c  11 Mar 2017 17:51:23 -
> @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c
>   if (ret != 0)
>   return (NULL);
>   }
> + if (strstr(val, "$HTTP_HOST") != NULL) {
> + if (desc->http_host == NULL) {
> + ret = expand_string(buf, len, "$HTTP_HOST", "");

This will not create a working redirect. Should we return 500 instead
if there is no host header?

What is nginx doing in that case?

nginx has $http_host and $host, $host is assigned the host header and
if that doesn't exist the server name. (Wouldn't help in your case
since it would redirect to https://redirect/).

Other than this looks good.

> + } else {
> + if ((str = url_encode(desc->http_host)) == NULL)
> + return (NULL);
> + ret = expand_string(buf, len, "$HTTP_HOST", str);
> + free(str);
> + }
> + if (ret != 0)
> + return (NULL);
> + }
>   if (strstr(val, "$REMOTE_") != NULL) {
>   if (strstr(val, "$REMOTE_ADDR") != NULL) {
>   if (print_host(>clt_ss,
> Index: usr.sbin/httpd/httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.79
> diff -u -p -r1.79 httpd.conf.5
> --- usr.sbin/httpd/httpd.conf.5   7 Feb 2017 12:27:42 -   1.79
> +++ usr.sbin/httpd/httpd.conf.5   11 Mar 2017 17:51:23 -
> @@ -221,6 +221,8 @@ The configured IP address of the server.
>  The configured TCP server port of the server.
>  .It Ic $SERVER_NAME
>  The name of the server.
> +.It Ic $HTTP_HOST
> +The host from the HTTP Host header.
>  .It Pf % Ar n
>  The capture index
>  .Ar n
> 
> begin-base64 644 http_host.diff
> 
SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
> 
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
> 
L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
> 
b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
> 
dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
> 
ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg
> 
LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
> 
LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
> 
dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
> 
VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi
> 
KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp
> 
KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1
> 
ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl
> 
dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF
> 
XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM
> 
KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw
> 
ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
> 
PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0
> 
cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx
> 

Re: httpd: expand HTTP Host

[Florian Obser]

On Sat, Mar 11, 2017 at 06:11:53PM +, Rivo Nurges wrote:
> Hi!
> 
> Following will add possibility to expand $HTTP_HOST to the HTTP
> Host header in "block return".
> 
> In my setup I have relayd on port 443 and httpd on 80. This patch
> allows me to redirect http(httpd) to https(relayd) without knowing
> the host.
> 
> /etc/httpd.conf:
> server "redirect" {
>   listen on * port 80
>   block return 301 "https://$HTTP_HOST$REQUEST_URI;
> }
> 
> Rivo
> 
> Index: usr.sbin/httpd/server_http.c
> ===
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.115
> diff -u -p -r1.115 server_http.c
> --- usr.sbin/httpd/server_http.c  10 Mar 2017 21:06:43 -  1.115
> +++ usr.sbin/httpd/server_http.c  11 Mar 2017 17:51:23 -
> @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c
>   if (ret != 0)
>   return (NULL);
>   }
> + if (strstr(val, "$HTTP_HOST") != NULL) {
> + if (desc->http_host == NULL) {
> + ret = expand_string(buf, len, "$HTTP_HOST", "");

This will not create a working redirect. Should we return 500 instead
if there is no host header?

What is nginx doing in that case?

nginx has $http_host and $host, $host is assigned the host header and
if that doesn't exist the server name. (Wouldn't help in your case
since it would redirect to https://redirect/).

Other than this looks good.

> + } else {
> + if ((str = url_encode(desc->http_host)) == NULL)
> + return (NULL);
> + ret = expand_string(buf, len, "$HTTP_HOST", str);
> + free(str);
> + }
> + if (ret != 0)
> + return (NULL);
> + }
>   if (strstr(val, "$REMOTE_") != NULL) {
>   if (strstr(val, "$REMOTE_ADDR") != NULL) {
>   if (print_host(>clt_ss,
> Index: usr.sbin/httpd/httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.79
> diff -u -p -r1.79 httpd.conf.5
> --- usr.sbin/httpd/httpd.conf.5   7 Feb 2017 12:27:42 -   1.79
> +++ usr.sbin/httpd/httpd.conf.5   11 Mar 2017 17:51:23 -
> @@ -221,6 +221,8 @@ The configured IP address of the server.
>  The configured TCP server port of the server.
>  .It Ic $SERVER_NAME
>  The name of the server.
> +.It Ic $HTTP_HOST
> +The host from the HTTP Host header.
>  .It Pf % Ar n
>  The capture index
>  .Ar n
> 
> begin-base64 644 http_host.diff
> SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
> PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
> L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
> b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
> dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
> ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg
> LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
> LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
> dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
> VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi
> KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp
> KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1
> ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl
> dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF
> XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM
> KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw
> ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
> PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0
> cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx
> Ljc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTcgRmViIDIw
> MTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTEx
> IE1hciAyMDE3IDE3OjUxOjIzIC0wMDAwCkBAIC0yMjEsNiArMjIxLDggQEAgVGhlIGNvbmZpZ3Vy
> ZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3VyZWQgVENQIHNlcnZlciBw
> b3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBUaGUgbmFtZSBvZiB0aGUg
> c2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20gdGhlIEhUVFAgSG9zdCBo
> ZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAogLkFyIG4K
> 
> 

-- 
I'm not entirely sure you are real.

httpd: expand HTTP Host

[Rivo Nurges]

Hi!

Following will add possibility to expand $HTTP_HOST to the HTTP
Host header in "block return".

In my setup I have relayd on port 443 and httpd on 80. This patch
allows me to redirect http(httpd) to https(relayd) without knowing
the host.

/etc/httpd.conf:
server "redirect" {
  listen on * port 80
  block return 301 "https://$HTTP_HOST$REQUEST_URI;
}

Rivo

Index: usr.sbin/httpd/server_http.c
===
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.115
diff -u -p -r1.115 server_http.c
--- usr.sbin/httpd/server_http.c10 Mar 2017 21:06:43 -  1.115
+++ usr.sbin/httpd/server_http.c11 Mar 2017 17:51:23 -
@@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c
if (ret != 0)
return (NULL);
}
+   if (strstr(val, "$HTTP_HOST") != NULL) {
+   if (desc->http_host == NULL) {
+   ret = expand_string(buf, len, "$HTTP_HOST", "");
+   } else {
+   if ((str = url_encode(desc->http_host)) == NULL)
+   return (NULL);
+   ret = expand_string(buf, len, "$HTTP_HOST", str);
+   free(str);
+   }
+   if (ret != 0)
+   return (NULL);
+   }
if (strstr(val, "$REMOTE_") != NULL) {
if (strstr(val, "$REMOTE_ADDR") != NULL) {
if (print_host(>clt_ss,
Index: usr.sbin/httpd/httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.79
diff -u -p -r1.79 httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 -   1.79
+++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 -
@@ -221,6 +221,8 @@ The configured IP address of the server.
 The configured TCP server port of the server.
 .It Ic $SERVER_NAME
 The name of the server.
+.It Ic $HTTP_HOST
+The host from the HTTP Host header.
 .It Pf % Ar n
 The capture index
 .Ar n

begin-base64 644 http_host.diff
SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog
L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp
b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0
dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz
ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg
LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0
LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo
dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO
VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi
KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp
KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1
ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl
dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF
XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM
KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw
ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0
cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx
Ljc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTcgRmViIDIw
MTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTEx
IE1hciAyMDE3IDE3OjUxOjIzIC0wMDAwCkBAIC0yMjEsNiArMjIxLDggQEAgVGhlIGNvbmZpZ3Vy
ZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3VyZWQgVENQIHNlcnZlciBw
b3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBUaGUgbmFtZSBvZiB0aGUg
c2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20gdGhlIEhUVFAgSG9zdCBo
ZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAogLkFyIG4K