Anyone?
This is a tiny change but makes httpd(8) more correct.
The diff is not so complicated.
On Thu, 03 Sep 2020 13:09:49 +0900 (JST)
YASUOKA Masahiko <yasu...@openbsd.org> wrote:
> Let me update the diff. Previous doesn't have an error handling when
> strdup() failed.
>
> On Thu, 03 Sep 2020 13:02:51 +0900 (JST)
> YASUOKA Masahiko <yasu...@openbsd.org> wrote:
>> The diff makes REQUEST_URI in FastCGI become the original request
>> URI. Currently it is an url which is url decoded and canonicalized.
>> I could not find a specification of REQUEST_URI, but I suppose it is
>> the URI in HTTP request. Apache httpd and nginx is using the original
>> URI for it.
>>
>> ok?
>>
>>
>> Use the original requested URI for REQUEST_URI.
>
> Index: usr.sbin/httpd/http.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/http.h,v
> retrieving revision 1.15
> diff -u -p -r1.15 http.h
> --- usr.sbin/httpd/http.h 8 May 2019 21:41:06 -0000 1.15
> +++ usr.sbin/httpd/http.h 3 Sep 2020 04:09:26 -0000
> @@ -246,6 +246,7 @@ struct http_descriptor {
> /* Rewritten path and query remain NULL if not used */
> char *http_path_alias;
> char *http_query_alias;
> + char *http_path_orig;
>
> /* A tree of headers and attached lists for repeated headers. */
> struct kv *http_lastheader;
> Index: usr.sbin/httpd/server_fcgi.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
> retrieving revision 1.83
> diff -u -p -r1.83 server_fcgi.c
> --- usr.sbin/httpd/server_fcgi.c 24 Aug 2020 15:49:11 -0000 1.83
> +++ usr.sbin/httpd/server_fcgi.c 3 Sep 2020 04:09:26 -0000
> @@ -299,13 +299,13 @@ server_fcgi(struct httpd *env, struct cl
> }
>
> if (!desc->http_query) {
> - if (fcgi_add_param(¶m, "REQUEST_URI", desc->http_path,
> + if (fcgi_add_param(¶m, "REQUEST_URI", desc->http_path_orig,
> clt) == -1) {
> errstr = "failed to encode param";
> goto fail;
> }
> } else {
> - if (asprintf(&str, "%s?%s", desc->http_path,
> + if (asprintf(&str, "%s?%s", desc->http_path_orig,
> desc->http_query) == -1) {
> errstr = "failed to encode param";
> goto fail;
> Index: usr.sbin/httpd/server_http.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.140
> diff -u -p -r1.140 server_http.c
> --- usr.sbin/httpd/server_http.c 3 Aug 2020 10:59:53 -0000 1.140
> +++ usr.sbin/httpd/server_http.c 3 Sep 2020 04:09:26 -0000
> @@ -100,6 +100,8 @@ server_httpdesc_free(struct http_descrip
>
> free(desc->http_path);
> desc->http_path = NULL;
> + free(desc->http_path_orig);
> + desc->http_path_orig = NULL;
> free(desc->http_path_alias);
> desc->http_path_alias = NULL;
> free(desc->http_query);
> @@ -1204,9 +1206,13 @@ server_response(struct httpd *httpd, str
> char *hostval, *query;
> const char *errstr = NULL;
>
> - /* Decode the URL */
> + /* Preserve original path */
> if (desc->http_path == NULL ||
> - url_decode(desc->http_path) == NULL)
> + (desc->http_path_orig = strdup(desc->http_path)) == NULL)
> + goto fail;
> +
> + /* Decode the URL */
> + if (url_decode(desc->http_path) == NULL)
> goto fail;
>
> /* Canonicalize the request path */
