Browse Source

https: Quote path in URL before passing it to curl

Curl requires URLs to be urlencoded. We are however giving it
undecoded URLs. This causes it go completely nuts if there is
a space in the URI, producing requests like:

    GET /a file HTTP/1.1

which the servers then interpret as a GET request for "/a" with
HTTP version "file" or some other non-sense.

This works around the issue by encoding the path component of
the URL. I'm not sure if we should encode other parts of the URL
as well, this one seems to do the trick for the actual issue at
hand.

A more correct fix is to avoid the dequoting and (re-)quoting
of URLs when a redirect occurs / a new request is sent. That's
been on the radar for probably a year or two now, but nobody
bothered implementing that yet.

LP: #1651923
tags/debian/1.4_beta4
Julian Andres Klode 4 years ago
parent
commit
994515e689
2 changed files with 23 additions and 0 deletions
  1. +4
    -0
      methods/https.cc
  2. +19
    -0
      test/integration/test-ubuntu-bug-1651923-requote-https-uri

+ 4
- 0
methods/https.cc View File

@@ -275,6 +275,10 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
if (Server == nullptr || Server->Comp(Itm->Uri) == false)
Server = CreateServerState(Itm->Uri);

// The "+" is encoded as a workaround for a amazon S3 bug
// see LP bugs #1003633 and #1086997. (taken from http method)
Uri.Path = QuoteString(Uri.Path, "+~ ");

FetchResult Res;
RequestState Req(this, Server.get());
CURLUserPointer userp(this, &Res, Itm, &Req);


+ 19
- 0
test/integration/test-ubuntu-bug-1651923-requote-https-uri View File

@@ -0,0 +1,19 @@
#!/bin/sh
set -e

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture "i386"

mkdir "aptarchive/target with space"
echo 'alright' > "aptarchive/target with space/working"
changetohttpswebserver
webserverconfig 'aptwebserver::redirect::replace::/targetwithoutspace/' '/target%20with%20space/'
webserverconfig 'aptwebserver::redirect::replace::/targetwithoutspace2/' '/target with space/'

testsuccess apthelper download-file -o debug::acquire::http=1 "http://localhost:${APTHTTPPORT}/targetwithoutspace/working" httpfile1
testsuccess apthelper download-file -o debug::acquire::http=1 "http://localhost:${APTHTTPPORT}/targetwithoutspace2/working" httpfile2
testsuccess apthelper download-file -o debug::acquire::https=1 "https://localhost:${APTHTTPSPORT}/targetwithoutspace/working" httpsfile1
testsuccess apthelper download-file -o debug::acquire::https=1 "https://localhost:${APTHTTPSPORT}/targetwithoutspace2/working" httpsfile2

Loading…
Cancel
Save