diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2019-04-16 10:00:06 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2019-04-16 10:07:33 +0200 |
commit | bae8f7eaf2997938615ed4282d6d93d3aa1f3fc1 (patch) | |
tree | 034d95d6c9a6a2c9dc6978774322aea0572d6a33 /archival/tar_symlink_attack | |
parent | 02d650e15919e48fe031308c77c041159c0e3631 (diff) | |
download | busybox-bae8f7eaf2997938615ed4282d6d93d3aa1f3fc1.tar.gz |
httpd: do not percent-decode URI if proxying
The proxying is documented as follows:
P:/url:[http://]hostname[:port]/new/path
Howeverm urlcopy is not a true copy anymore when it is fdprint'ed
to proxy_fd, this is because percent_decode_in_place() is called
after the copy is created.
This breaks reverse proxying all URIs containing percent
encoded spaces, e.g. - because a decoded URI will be printed out
to proxy_fd instead of the original.
The fix keeps the logic in place to canonicalize the uri first,
before reverse proxying (one could argue that the uri
should be proxied completely unaltered, except for the prefix
rewrite).
function old new delta
handle_incoming_and_exit 2752 2792 +40
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'archival/tar_symlink_attack')
0 files changed, 0 insertions, 0 deletions