[Privoxy-commits] [privoxy] branch master updated: redirect_url(): Check the actual URL when https inspecting requests

User Git git at git.privoxy.org
Wed Dec 16 17:12:29 UTC 2020 

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

The following commit(s) were added to refs/heads/master by this push:
     new 89da1910 redirect_url(): Check the actual URL when https inspecting requests
89da1910 is described below

commit 89da19109b8d75c69ed4b5c8f0e81842b7e5224e
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Tue Dec 15 19:00:00 2020 +0100

    redirect_url(): Check the actual URL when https inspecting requests
    
    Previously we would only check the path which resulted
    in rewrite results being rejected as invalid URLs.
    
    Before:
    19:37:29.494 014 Error: pcrs command "s@/test@/@" changed "/test" to "/" (1 hit), but the result doesn't look like a valid URL and will be ignored.
    
    After:
    19:40:57.857 002 Redirect: pcrs command s@/test@/@ changed https://www.electrobsd.org/test to https://www.electrobsd.org/ (1 hit).
    
    Reported by withoutname in #1736.
---
 filters.c | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/filters.c b/filters.c
index ef9661ec..e5cf406d 100644
--- a/filters.c
+++ b/filters.c
@@ -66,6 +66,9 @@
 #ifdef FEATURE_CLIENT_TAGS
 #include "client-tags.h"
 #endif
+#ifdef FEATURE_HTTPS_INSPECTION
+#include "ssl.h"
+#endif
 
 #ifdef _WIN32
 #include "win32.h"
@@ -1220,8 +1223,33 @@ struct http_response *redirect_url(struct client_state *csp)
 
       if (*redirection_string == 's')
       {
-         old_url = csp->http->url;
+#ifdef FEATURE_HTTPS_INSPECTION
+         if (client_use_ssl(csp))
+         {
+            jb_err err;
+
+            old_url = strdup_or_die("https://");
+            err = string_append(&old_url, csp->http->hostport);
+            if (!err) err = string_append(&old_url, csp->http->path);
+            if (err)
+            {
+               log_error(LOG_LEVEL_FATAL,
+                  "Failed to rebuild URL 'https://%s%s'",
+                  csp->http->hostport, csp->http->path);
+            }
+         }
+         else
+#endif
+         {
+            old_url = csp->http->url;
+         }
          new_url = rewrite_url(old_url, redirection_string);
+#ifdef FEATURE_HTTPS_INSPECTION
+         if (client_use_ssl(csp))
+         {
+            freez(old_url);
+         }
+#endif
       }
       else
       {

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Privoxy-commits mailing list