fix reversepath directive using https url giving misleading error

it's not possible to use a https url in a ReversePath directive, without
removing the security provided by https, and would require adding a
dependency on a TLS library like openssl and a lot of code complexity
to fetch the requested resource via https and relay it back to the client.

in case the reversepath directive kicked in, but the protocol wasn't
recognized, and support for transparent proxying was built in, the code
wrongfully tried to turn the request into a trans request, leading
to a bogus rewritten url like http://localhost:8888https://www.endpoint.com
and an error message saying that we're trying to connect to the machine the
proxy runs on.

now instead use the generic code that signals an invalid protocol/url
was used.

closes #419
rofl0r 2022-08-20 14:43:24 +00:00
parent 121be4a74e
commit 84f203fb1c


@ -322,9 +322,11 @@ static struct request_s *process_request (struct conn_s *connptr,
{ {
char *url; char *url;
struct request_s *request; struct request_s *request;
int ret; int ret, skip_trans;
size_t request_len; size_t request_len;
skip_trans = 0;
/* NULL out all the fields so frees don't cause segfaults. */ /* NULL out all the fields so frees don't cause segfaults. */
request = request =
(struct request_s *) safecalloc (1, sizeof (struct request_s)); (struct request_s *) safecalloc (1, sizeof (struct request_s));
@ -397,6 +399,7 @@ BAD_REQUEST_ERROR:
} }
safefree (url); safefree (url);
url = reverse_url; url = reverse_url;
skip_trans = 1;
} else if (config->reverseonly) { } else if (config->reverseonly) {
log_message (LOG_ERR, log_message (LOG_ERR,
"Bad request, no mapping for '%s' found", "Bad request, no mapping for '%s' found",
@ -446,11 +449,13 @@ BAD_REQUEST_ERROR:
connptr->connect_method = TRUE; connptr->connect_method = TRUE;
} else { } else {
#ifdef TRANSPARENT_PROXY #ifdef TRANSPARENT_PROXY
if (!do_transparent_proxy if (!skip_trans) {
(connptr, hashofheaders, request, config, &url)) { if (!do_transparent_proxy
goto fail; (connptr, hashofheaders, request, config, &url))
} goto fail;
#else } else
#endif
{
indicate_http_error (connptr, 501, "Not Implemented", indicate_http_error (connptr, 501, "Not Implemented",
"detail", "detail",
"Unknown method or unsupported protocol.", "Unknown method or unsupported protocol.",
@ -458,7 +463,7 @@ BAD_REQUEST_ERROR:
log_message (LOG_INFO, "Unknown method (%s) or protocol (%s)", log_message (LOG_INFO, "Unknown method (%s) or protocol (%s)",
request->method, url); request->method, url);
goto fail; goto fail;
#endif }
} }
#ifdef FILTER_ENABLE #ifdef FILTER_ENABLE