From 84f203fb1c4733608c7283bbe794005a469c4b00 Mon Sep 17 00:00:00 2001 From: rofl0r Date: Sat, 20 Aug 2022 14:43:24 +0000 Subject: [PATCH] fix reversepath directive using https url giving misleading error it's not possible to use a https url in a ReversePath directive, without removing the security provided by https, and would require adding a dependency on a TLS library like openssl and a lot of code complexity to fetch the requested resource via https and relay it back to the client. in case the reversepath directive kicked in, but the protocol wasn't recognized, and support for transparent proxying built-in, the code wrongfully tried to turn the request into a trans request, leading to a bogus rewritten url like http://localhost:8888https://www.endpoint.com and an error message that we're trying to connect to the machine the proxy runs on. now instead use the generic code that signals an invalid protocol/url was used. closes #419 --- src/reqs.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/reqs.c b/src/reqs.c index fcc0dbf..bce6981 100644 --- a/src/reqs.c +++ b/src/reqs.c @@ -322,9 +322,11 @@ static struct request_s *process_request (struct conn_s *connptr, { char *url; struct request_s *request; - int ret; + int ret, skip_trans; size_t request_len; + skip_trans = 0; + /* NULL out all the fields so frees don't cause segfaults. */ request = (struct request_s *) safecalloc (1, sizeof (struct request_s)); @@ -397,6 +399,7 @@ BAD_REQUEST_ERROR: } safefree (url); url = reverse_url; + skip_trans = 1; } else if (config->reverseonly) { log_message (LOG_ERR, "Bad request, no mapping for '%s' found", 
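Review bot: `skip_trans` is declared and zeroed in this hunk and set to 1 in the `@@ -397,6 +399,7 @@` hunk, but its only read, `if (!skip_trans)`, sits inside `#ifdef TRANSPARENT_PROXY`. Builds without transparent proxy support therefore carry a variable that is written and never read, which would likely trigger a set-but-unused warning under `-Wall`. Either guard the declaration and both assignments with the same `#ifdef`, or read the flag on a path that is compiled in every build. A one-line comment on the declaration, such as `/* set once url has been replaced by a ReversePath mapping */`, would also document what the flag tracks. The body of process_request continues outside this hunk.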
@@ -446,11 +449,13 @@ BAD_REQUEST_ERROR: connptr->connect_method = TRUE; } else { #ifdef TRANSPARENT_PROXY - if (!do_transparent_proxy - (connptr, hashofheaders, request, config, &url)) { - goto fail; - } -#else + if (!skip_trans) { + if (!do_transparent_proxy + (connptr, hashofheaders, request, config, &url)) + goto fail; + } else +#endif + { indicate_http_error (connptr, 501, "Not Implemented", "detail", "Unknown method or unsupported protocol.", @@ -458,7 +463,7 @@ BAD_REQUEST_ERROR: log_message (LOG_INFO, "Unknown method (%s) or protocol (%s)", request->method, url); goto fail; -#endif + } } #ifdef FILTER_ENABLE
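Review bot: The `} else` left dangling just before `#endif` makes the following `{ ... }` an else-branch in TRANSPARENT_PROXY builds and an unconditional block in all other builds, and nothing in the code says so. A later edit that puts a statement between `#endif` and `{` would silently change which requests reach the 501 path. The inner `if (!do_transparent_proxy (...)) goto fail;` also lost its braces while the enclosing `if (!skip_trans) {` keeps them. I would keep the braces on the inner `if` and add a comment above `if (!skip_trans) {`, for example `/* a url rewritten by ReversePath must never be retried as a transparent request; reject it with the 501 below */`. The enclosing function starts and ends outside this hunk.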
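Review bot: A ReversePath target with an unsupported scheme is now reported only through the `log_message (LOG_INFO, ...)` call kept as context in this hunk. That is a configuration error rather than a malformed client request, and at LOG_INFO it is indistinguishable from any unknown method and easy to miss in production logs. Consider raising the level for the rewritten case, e.g. `log_message (skip_trans ? LOG_ERR : LOG_INFO, "Unknown method (%s) or protocol (%s)", request->method, url);`. Reading `skip_trans` there would also give the flag a use in builds without TRANSPARENT_PROXY.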