Date: Sun, 7 Oct 2012 13:31:27 GMT From: Garrett Cooper <yanegomi@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/172452: [patch] [fetch] add HTTP 305 handling to libfetch Message-ID: <201210071331.q97DVR40031866@red.freebsd.org> Resent-Message-ID: <201210071340.q97DeErw052274@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 172452
>Category: bin
>Synopsis: [patch] [fetch] add HTTP 305 handling to libfetch
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 07 13:40:13 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Garrett Cooper
>Release: 9.1-STABLE
>Organization:
EMC Isilon
>Environment:
FreeBSD bayonetta.local 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r240836M: Sat Sep 22 12:30:11 PDT 2012 gcooper@bayonetta.local:/usr/obj/store/freebsd/stable/9/sys/BAYONETTA amd64
>Description:
While poking around RFC-2616 and looking at libfetch for bin/172451, I noticed that libfetch wasn't handling HTTP 305 style redirects. From the RFC...
10.3.6 305 Use Proxy
The requested resource MUST be accessed through the proxy given by
the Location field. The Location field gives the URI of the proxy.
The recipient is expected to repeat this single request via the
proxy. 305 responses MUST only be generated by origin servers.
Note: RFC 2068 was not clear that 305 was intended to redirect a
single request, and to be generated by origin servers only. Not
observing these limitations has significant security consequences.
Plugging in the support was relatively trivial, but my patch isn't ultra paranoid like noted here. I poked around curl and wget, and discovered that curl implements the support, but they don't do the "paranoia checking" and instead just redirect and wget doesn't implement it at all.
Whether or not it's useful to implement this is a good question, but the simple patch is available for any interested parties.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: lib/libfetch/http.c
===================================================================
--- lib/libfetch/http.c (revision 241309)
+++ lib/libfetch/http.c (working copy)
@@ -103,6 +103,7 @@
#define HTTP_MOVED_TEMP 302
#define HTTP_SEE_OTHER 303
#define HTTP_NOT_MODIFIED 304
+#define HTTP_USE_PROXY 305
#define HTTP_TEMP_REDIRECT 307
#define HTTP_NEED_AUTH 401
#define HTTP_NEED_PROXY_AUTH 407
@@ -112,7 +113,8 @@
#define HTTP_REDIRECT(xyz) ((xyz) == HTTP_MOVED_PERM \
|| (xyz) == HTTP_MOVED_TEMP \
|| (xyz) == HTTP_TEMP_REDIRECT \
- || (xyz) == HTTP_SEE_OTHER)
+ || (xyz) == HTTP_SEE_OTHER \
+ || (xyz) == HTTP_USE_PROXY)
#define HTTP_ERROR(xyz) ((xyz) > 400 && (xyz) < 599)
@@ -1697,6 +1698,7 @@
case HTTP_MOVED_PERM:
case HTTP_MOVED_TEMP:
case HTTP_SEE_OTHER:
+ case HTTP_USE_PROXY:
/*
* Not so fine, but we still have to read the
* headers to get the new location.
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201210071331.q97DVR40031866>