Re: httpd: use the original uri for REQUEST_URI

[YASUOKA Masahiko]

Let me update the diff.  Previous doesn't have an error handling when
strdup() failed.

On Thu, 03 Sep 2020 13:02:51 +0900 (JST)
YASUOKA Masahiko <yasu...@openbsd.org> wrote:
> The diff makes REQUEST_URI in FastCGI become the original request
> URI.  Currently it is an url which is url decoded and canonicalized.
> I could not find a specification of REQUEST_URI, but I suppose it is
> the URI in HTTP request.  Apache httpd and nginx is using the original
> URI for it.
> 
> ok?
> 
> 
> Use the original requested URI for REQUEST_URI.

Index: usr.sbin/httpd/http.h
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/http.h,v
retrieving revision 1.15
diff -u -p -r1.15 http.h
--- usr.sbin/httpd/http.h       8 May 2019 21:41:06 -0000       1.15
+++ usr.sbin/httpd/http.h       3 Sep 2020 04:09:26 -0000
@@ -246,6 +246,7 @@ struct http_descriptor {
        /* Rewritten path and query remain NULL if not used */
        char                    *http_path_alias;
        char                    *http_query_alias;
+       char                    *http_path_orig;
 
        /* A tree of headers and attached lists for repeated headers. */
        struct kv               *http_lastheader;
Index: usr.sbin/httpd/server_fcgi.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
retrieving revision 1.83
diff -u -p -r1.83 server_fcgi.c
--- usr.sbin/httpd/server_fcgi.c        24 Aug 2020 15:49:11 -0000      1.83
+++ usr.sbin/httpd/server_fcgi.c        3 Sep 2020 04:09:26 -0000
@@ -299,13 +299,13 @@ server_fcgi(struct httpd *env, struct cl
        }
 
        if (!desc->http_query) {
-               if (fcgi_add_param(&param, "REQUEST_URI", desc->http_path,
+               if (fcgi_add_param(&param, "REQUEST_URI", desc->http_path_orig,
                    clt) == -1) {
                        errstr = "failed to encode param";
                        goto fail;
                }
        } else {
-               if (asprintf(&str, "%s?%s", desc->http_path,
+               if (asprintf(&str, "%s?%s", desc->http_path_orig,
                    desc->http_query) == -1) {
                        errstr = "failed to encode param";
                        goto fail;
Index: usr.sbin/httpd/server_http.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.140
diff -u -p -r1.140 server_http.c
--- usr.sbin/httpd/server_http.c        3 Aug 2020 10:59:53 -0000       1.140
+++ usr.sbin/httpd/server_http.c        3 Sep 2020 04:09:26 -0000
@@ -100,6 +100,8 @@ server_httpdesc_free(struct http_descrip
 
        free(desc->http_path);
        desc->http_path = NULL;
+       free(desc->http_path_orig);
+       desc->http_path_orig = NULL;
        free(desc->http_path_alias);
        desc->http_path_alias = NULL;
        free(desc->http_query);
@@ -1204,9 +1206,13 @@ server_response(struct httpd *httpd, str
        char                    *hostval, *query;
        const char              *errstr = NULL;
 
-       /* Decode the URL */
+       /* Preserve original path */
        if (desc->http_path == NULL ||
-           url_decode(desc->http_path) == NULL)
+           (desc->http_path_orig = strdup(desc->http_path)) == NULL)
+               goto fail;
+
+       /* Decode the URL */
+       if (url_decode(desc->http_path) == NULL)
                goto fail;
 
        /* Canonicalize the request path */