af6b6227abc3f7c982e6dfae0f144a1495d314a8 galt Sun Sep 13 11:30:47 2015 -0700 fixed so that redir does not store params like password and byterange. Instead, I made a function in net.c to do it and now call it to apply those extra params later at runtime. This is both more secure and correct.
diff --git src/lib/net.c src/lib/net.c
index c1085ef..7701ec0 100644
--- src/lib/net.c
+++ src/lib/net.c
@@ -1510,30 +1510,51 @@ if (byteRangeUsed && !foundContentRange /* hack for Apache bug 2.2.20 and 2.2.21 2011-10-21 should be OK to remove after one year. */ && !(byteRangeStart == 0 && byteRangeEnd == -1)) { char bre[256]; safef(bre, sizeof bre, "%lld", (long long)byteRangeEnd); if (byteRangeEnd == -1) bre[0] = 0; warn("Expected response header Content-Range: %lld-%s", (long long) byteRangeStart, bre); return FALSE; } return TRUE; } +char *transferParamsToRedirectedUrl(char *url, char *newUrl) +/* Transfer password, byteRange, and any other parameters from url to newUrl and return result. + * freeMem result. */ +{ +struct netParsedUrl npu, newNpu; +/* Parse the old URL to make parts available for graft onto the redirected url. */ +/* This makes redirection work with byterange urls and user:password@ */ +netParseUrl(url, &npu); +netParseUrl(newUrl, &newNpu); +if (npu.byteRangeStart != -1) + { + newNpu.byteRangeStart = npu.byteRangeStart; + newNpu.byteRangeEnd = npu.byteRangeEnd; + } +if ((npu.user[0] != 0) && (newNpu.user[0] == 0)) + { + safecpy(newNpu.user, sizeof newNpu.user, npu.user); + safecpy(newNpu.password, sizeof newNpu.password, npu.password); + } +return urlFromNetParsedUrl(&newNpu); +} boolean netSkipHttpHeaderLinesHandlingRedirect(int sd, char *url, int *redirectedSd, char **redirectedUrl) /* Skip http headers lines, returning FALSE if there is a problem. Generally called as * netSkipHttpHeaderLine(sd, url, &sd, &url); * where sd is a socket (file) opened with netUrlOpen(url), and url is in dynamic memory. * If the http header indicates that the file has moved, then it will update the *redirectedSd and * *redirectedUrl with the new socket and URL, first closing sd. 
* If for some reason you want to detect whether the forwarding has occurred you could * call this as: * char *newUrl = NULL; * int newSd = 0; * netSkipHttpHeaderLine(sd, url, &newSd, &newUrl); * if (newUrl != NULL) * // Update sd with newSd, free url if appropriate and replace it with newUrl, etc. * // free newUrl when finished. @@ -1569,53 +1590,31 @@ /* we have a new url to try */ ++redirectCount; if (redirectCount > 5) { warn("code 30x redirects: exceeded limit of 5 redirects, %s", newUrl); success = FALSE; } else if (!startsWith("http://",newUrl) && !startsWith("https://",newUrl)) { warn("redirected to non-http(s): %s", newUrl); success = FALSE; } else { - struct netParsedUrl npu, newNpu; - /* Parse the old URL to make parts available for graft onto the redirected url. */ - /* This makes redirection work with byterange urls and user:password@ */ - netParseUrl(url, &npu); - netParseUrl(newUrl, &newNpu); - boolean updated = FALSE; - if (npu.byteRangeStart != -1) - { - newNpu.byteRangeStart = npu.byteRangeStart; - newNpu.byteRangeEnd = npu.byteRangeEnd; - updated = TRUE; - } - if ((npu.user[0] != 0) && (newNpu.user[0] == 0)) - { - safecpy(newNpu.user, sizeof newNpu.user, npu.user); - safecpy(newNpu.password, sizeof newNpu.password, npu.password); - updated = TRUE; - } - if (updated) - { - freeMem(newUrl); - newUrl = urlFromNetParsedUrl(&newNpu); - } + newUrl = transferParamsToRedirectedUrl(url, newUrl); sd = netUrlOpen(newUrl); if (sd < 0) { warn("Couldn't open %s", newUrl); success = FALSE; } } } if (!success) { /* failure after 0 to 5 redirects */ if (redirectCount > 0) freeMem(newUrl); return FALSE; } url = newUrl;
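Review bot: The credential graft in transferParamsToRedirectedUrl copies `npu.user` and `npu.password` onto the redirect target whenever the target has no user of its own, without checking where the redirect points. The original URL's password can therefore be sent to a different host than the one it was written for, or resent over http after an https request, purely on the strength of a Location header. Assuming struct netParsedUrl also carries the parsed host and protocol (not visible in this hunk), the condition could be narrowed to `if ((npu.user[0] != 0) && (newNpu.user[0] == 0) && sameString(npu.host, newNpu.host) && sameString(npu.protocol, newNpu.protocol))`. The byte-range copy carries no secret and can stay unconditional. The header comment should then state that credentials are only carried to the same host and scheme.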
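Review bot: In the redirect branch of netSkipHttpHeaderLinesHandlingRedirect, the new line `newUrl = transferParamsToRedirectedUrl(url, newUrl);` overwrites the only pointer to the string taken from the redirect header. The `freeMem(newUrl)` that the removed block ran before replacing it is gone, and the helper's contract ("freeMem result") says it returns a fresh allocation, so each followed redirect appears to leak the old buffer. Hold the old pointer long enough to release it: `char *grafted = transferParamsToRedirectedUrl(url, newUrl); freeMem(newUrl); newUrl = grafted;`. Separately, once the password has been grafted in, `warn("Couldn't open %s", newUrl)` puts it into the warning text, so that message should print a URL with the user:password part masked. The enclosing function begins before this hunk and continues past it.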