diff options
| author |   tb <tb@openbsd.org> | 2019-05-08 21:41:06 +0000 |
|---|---|---|
| committer | tb <tb@openbsd.org> | 2019-05-08 21:41:06 +0000 |
| commit | a23b6848ecb2fe36fbba6a9cb7b188d5f1130e57 (patch) | |
| tree | dea2853c8b596fba2610826def7300bd053f839b /usr.sbin/httpd | |
| parent | pfctl should check pfctl.astack is not overrun (diff) | |
| download | wireguard-openbsd-a23b6848ecb2fe36fbba6a9cb7b188d5f1130e57.tar.xz wireguard-openbsd-a23b6848ecb2fe36fbba6a9cb7b188d5f1130e57.zip | |
Set the REQUEST_URI CGI variable to the requested URI and query string
instead of the rewritten path and query string.
Patch from Tim Baumgard, reminded by Mischa Peters.
ok benno, reyk
Diffstat (limited to 'usr.sbin/httpd')
| -rw-r--r-- | usr.sbin/httpd/http.h | 5 | ||||
| -rw-r--r-- | usr.sbin/httpd/server_fcgi.c | 12 | ||||
| -rw-r--r-- | usr.sbin/httpd/server_http.c | 20 |
3 files changed, 22 insertions, 15 deletions
diff --git a/usr.sbin/httpd/http.h b/usr.sbin/httpd/http.h index 410704fda12..5c877a639b7 100644 --- a/usr.sbin/httpd/http.h +++ b/usr.sbin/httpd/http.h @@ -1,4 +1,4 @@ -/* $OpenBSD: http.h,v 1.14 2016/08/01 21:15:30 benno Exp $ */ +/* $OpenBSD: http.h,v 1.15 2019/05/08 21:41:06 tb Exp $ */ /* * Copyright (c) 2012 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -243,8 +243,9 @@ struct http_descriptor { char *http_version; unsigned int http_status; - /* Rewritten path remains NULL if not used */ + /* Rewritten path and query remain NULL if not used */ char *http_path_alias; + char *http_query_alias; /* A tree of headers and attached lists for repeated headers. */ struct kv *http_lastheader; diff --git a/usr.sbin/httpd/server_fcgi.c b/usr.sbin/httpd/server_fcgi.c index 0fae76cef3c..864ce6b16d5 100644 --- a/usr.sbin/httpd/server_fcgi.c +++ b/usr.sbin/httpd/server_fcgi.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_fcgi.c,v 1.79 2019/05/08 19:57:45 reyk Exp $ */ +/* $OpenBSD: server_fcgi.c,v 1.80 2019/05/08 21:41:06 tb Exp $ */ /* * Copyright (c) 2014 Florian Obser <florian@openbsd.org> @@ -98,7 +98,7 @@ server_fcgi(struct httpd *env, struct client *clt) int pathlen; int fd = -1, ret; const char *stripped, *p, *alias, *errstr = NULL; - char *str, *script = NULL; + char *query_alias, *str, *script = NULL; if (srv_conf->socket[0] == ':') { struct sockaddr_storage ss; @@ -194,6 +194,10 @@ server_fcgi(struct httpd *env, struct client *clt) ? desc->http_path_alias : desc->http_path; + query_alias = desc->http_query_alias != NULL + ? desc->http_query_alias + : desc->http_query; + stripped = server_root_strip(alias, srv_conf->strip); if ((pathlen = asprintf(&script, "%s%s", srv_conf->root, stripped)) == -1) { @@ -242,8 +246,8 @@ server_fcgi(struct httpd *env, struct client *clt) goto fail; } - if (desc->http_query) { - if (fcgi_add_param(¶m, "QUERY_STRING", desc->http_query, + if (query_alias) { + if (fcgi_add_param(¶m, "QUERY_STRING", query_alias, clt) == -1) { errstr = "failed to encode param"; goto fail; diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 98238b6aa65..5a2a9072356 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.131 2019/05/08 19:57:45 reyk Exp $ */ +/* $OpenBSD: server_http.c,v 1.132 2019/05/08 21:41:06 tb Exp $ */ /* * Copyright (c) 2006 - 2018 Reyk Floeter <reyk@openbsd.org> @@ -104,6 +104,8 @@ server_httpdesc_free(struct http_descriptor *desc) desc->http_path_alias = NULL; free(desc->http_query); desc->http_query = NULL; + free(desc->http_query_alias); + desc->http_query_alias = NULL; free(desc->http_version); desc->http_version = NULL; free(desc->http_host); @@ -1304,11 +1306,11 @@ server_response(struct httpd *httpd, struct client *clt) * be URL encoded - either specified by the user or by using the * original $QUERY_STRING. */ - free(desc->http_query); - desc->http_query = NULL; + free(desc->http_query_alias); + desc->http_query_alias = NULL; if ((query = strchr(path, '?')) != NULL) { *query++ = '\0'; - if ((desc->http_query = strdup(query)) == NULL) + if ((desc->http_query_alias = strdup(query)) == NULL) goto fail; } @@ -1317,15 +1319,15 @@ server_response(struct httpd *httpd, struct client *clt) path, sizeof(path)) == NULL) goto fail; - log_debug("%s: rewrote %s -> %s?%s", __func__, - desc->http_path, path, desc->http_query); + log_debug("%s: rewrote %s?%s -> %s?%s", __func__, + desc->http_path, desc->http_query, path, query); - free(desc->http_path); - if ((desc->http_path = strdup(path)) == NULL) + free(desc->http_path_alias); + if ((desc->http_path_alias = strdup(path)) == NULL) goto fail; /* Now search for the updated location */ - srv_conf = server_getlocation(clt, desc->http_path); + srv_conf = server_getlocation(clt, desc->http_path_alias); } if (clt->clt_toread > 0 && (size_t)clt->clt_toread > |