Let me update the diff. Previous doesn't have an error handling when strdup() failed.
On Thu, 03 Sep 2020 13:02:51 +0900 (JST) YASUOKA Masahiko <yasu...@openbsd.org> wrote: > The diff makes REQUEST_URI in FastCGI become the original request > URI. Currently it is an url which is url decoded and canonicalized. > I could not find a specification of REQUEST_URI, but I suppose it is > the URI in HTTP request. Apache httpd and nginx is using the original > URI for it. > > ok? > > > Use the original requested URI for REQUEST_URI. Index: usr.sbin/httpd/http.h =================================================================== RCS file: /cvs/src/usr.sbin/httpd/http.h,v retrieving revision 1.15 diff -u -p -r1.15 http.h --- usr.sbin/httpd/http.h 8 May 2019 21:41:06 -0000 1.15 +++ usr.sbin/httpd/http.h 3 Sep 2020 04:09:26 -0000 @@ -246,6 +246,7 @@ struct http_descriptor { /* Rewritten path and query remain NULL if not used */ char *http_path_alias; char *http_query_alias; + char *http_path_orig; /* A tree of headers and attached lists for repeated headers. */ struct kv *http_lastheader; Index: usr.sbin/httpd/server_fcgi.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v retrieving revision 1.83 diff -u -p -r1.83 server_fcgi.c --- usr.sbin/httpd/server_fcgi.c 24 Aug 2020 15:49:11 -0000 1.83 +++ usr.sbin/httpd/server_fcgi.c 3 Sep 2020 04:09:26 -0000 @@ -299,13 +299,13 @@ server_fcgi(struct httpd *env, struct cl } if (!desc->http_query) { - if (fcgi_add_param(¶m, "REQUEST_URI", desc->http_path, + if (fcgi_add_param(¶m, "REQUEST_URI", desc->http_path_orig, clt) == -1) { errstr = "failed to encode param"; goto fail; } } else { - if (asprintf(&str, "%s?%s", desc->http_path, + if (asprintf(&str, "%s?%s", desc->http_path_orig, desc->http_query) == -1) { errstr = "failed to encode param"; goto fail; Index: usr.sbin/httpd/server_http.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v retrieving revision 1.140 diff -u -p -r1.140 server_http.c --- usr.sbin/httpd/server_http.c 3 Aug 2020 10:59:53 -0000 1.140 +++ usr.sbin/httpd/server_http.c 3 Sep 2020 04:09:26 -0000 @@ -100,6 +100,8 @@ server_httpdesc_free(struct http_descrip free(desc->http_path); desc->http_path = NULL; + free(desc->http_path_orig); + desc->http_path_orig = NULL; free(desc->http_path_alias); desc->http_path_alias = NULL; free(desc->http_query); @@ -1204,9 +1206,13 @@ server_response(struct httpd *httpd, str char *hostval, *query; const char *errstr = NULL; - /* Decode the URL */ + /* Preserve original path */ if (desc->http_path == NULL || - url_decode(desc->http_path) == NULL) + (desc->http_path_orig = strdup(desc->http_path)) == NULL) + goto fail; + + /* Decode the URL */ + if (url_decode(desc->http_path) == NULL) goto fail; /* Canonicalize the request path */