Fossil SCM

Prohibit redirects from HTTP or HTTPS over to SSH or FILE. Fix for ticket [61613b0a9cf843b6].

drh 2020-08-17 09:16 trunk

Commit 253dbd15e268dd4ab2196aab67354fc6fdf2d67cd8f705e1975b181764f45ead

Parent c840617b8b765da…

2 files changed +10 -1 +3 -3

M src/http.c

+10 -1

		--- src/http.c
		+++ src/http.c
		@@ -375,17 +375,26 @@
375	375	j -= 4;
376	376	zLine[j] = 0;
377	377	}
378	378	if( (mHttpFlags & HTTP_QUIET)==0 ){
379	379	fossil_print("redirect with status %d to %s\n", rc, &zLine[i]);
	380	+ }
	381	+ if( g.url.isFile \|\| g.url.isSsh ){
	382	+ fossil_warning("cannot redirect from %s to %s", g.url.canonical,
	383	+ &zLine[i]);
	384	+ goto write_err;
380	385	}
381	386	wasHttps = g.url.isHttps;
382	387	url_parse(&zLine[i], 0);
383	388	if( wasHttps && !g.url.isHttps ){
384	389	fossil_warning("cannot redirect from HTTPS to HTTP");
385	390	goto write_err;
386		- }
	391	+ }
	392	+ if( g.url.isSsh \|\| g.url.isFile ){
	393	+ fossil_warning("cannot redirect to %s", &zLine[i]);
	394	+ goto write_err;
	395	+ }
387	396	transport_close(&g.url);
388	397	transport_global_shutdown(&g.url);
389	398	fSeenHttpAuth = 0;
390	399	if( g.zHttpAuth ) free(g.zHttpAuth);
391	400	g.zHttpAuth = get_httpauth();
392	401

	--- src/http.c
	+++ src/http.c
	@@ -375,17 +375,26 @@
375	j -= 4;
376	zLine[j] = 0;
377	}
378	if( (mHttpFlags & HTTP_QUIET)==0 ){
379	fossil_print("redirect with status %d to %s\n", rc, &zLine[i]);





380	}
381	wasHttps = g.url.isHttps;
382	url_parse(&zLine[i], 0);
383	if( wasHttps && !g.url.isHttps ){
384	fossil_warning("cannot redirect from HTTPS to HTTP");
385	goto write_err;
386	}




387	transport_close(&g.url);
388	transport_global_shutdown(&g.url);
389	fSeenHttpAuth = 0;
390	if( g.zHttpAuth ) free(g.zHttpAuth);
391	g.zHttpAuth = get_httpauth();
392

	--- src/http.c
	+++ src/http.c
	@@ -375,17 +375,26 @@
375	j -= 4;
376	zLine[j] = 0;
377	}
378	if( (mHttpFlags & HTTP_QUIET)==0 ){
379	fossil_print("redirect with status %d to %s\n", rc, &zLine[i]);
380	}
381	if( g.url.isFile \|\| g.url.isSsh ){
382	fossil_warning("cannot redirect from %s to %s", g.url.canonical,
383	&zLine[i]);
384	goto write_err;
385	}
386	wasHttps = g.url.isHttps;
387	url_parse(&zLine[i], 0);
388	if( wasHttps && !g.url.isHttps ){
389	fossil_warning("cannot redirect from HTTPS to HTTP");
390	goto write_err;
391	}
392	if( g.url.isSsh \|\| g.url.isFile ){
393	fossil_warning("cannot redirect to %s", &zLine[i]);
394	goto write_err;
395	}
396	transport_close(&g.url);
397	transport_global_shutdown(&g.url);
398	fSeenHttpAuth = 0;
399	if( g.zHttpAuth ) free(g.zHttpAuth);
400	g.zHttpAuth = get_httpauth();
401

M src/url.c

+3 -3

		--- src/url.c
		+++ src/url.c
		@@ -50,11 +50,11 @@
50	50	int isHttps; /* True if a "https:" url */
51	51	int isSsh; /* True if an "ssh:" url */
52	52	int isAlias; /* Input URL was an alias */
53	53	char name; / Hostname for http: or filename for file: */
54	54	char hostname; / The HOST: parameter on http headers */
55		- const char protocol; / "http" or "https" or "ssh" */
	55	+ const char protocol; / "http" or "https" or "ssh" or "file" */
56	56	int port; /* TCP port number for http: or https: */
57	57	int dfltPort; /* The default port for the given protocol */
58	58	char path; / Pathname for http: */
59	59	char user; / User id for http: */
60	60	char passwd; / Password for http: */
		@@ -76,11 +76,11 @@
76	76	** as follows:
77	77	**
78	78	** isFile True if FILE:
79	79	** isHttps True if HTTPS:
80	80	** isSsh True if SSH:
81		-** protocol "http" or "https" or "file"
	81	+** protocol "http" or "https" or "file" or "ssh"
82	82	** name Hostname for HTTP:, HTTPS:, SSH:. Filename for FILE:
83	83	** port TCP port number for HTTP or HTTPS.
84	84	** dfltPort Default TCP port number (80 or 443).
85	85	** path Path name for HTTP or HTTPS.
86	86	** user Userid.
		@@ -305,11 +305,11 @@
305	305	** form last-sync-pw.
306	306	**
307	307	** g.url.isFile True if FILE:
308	308	** g.url.isHttps True if HTTPS:
309	309	** g.url.isSsh True if SSH:
310		-** g.url.protocol "http" or "https" or "file"
	310	+** g.url.protocol "http" or "https" or "file" or "ssh"
311	311	** g.url.name Hostname for HTTP:, HTTPS:, SSH:. Filename for FILE:
312	312	** g.url.port TCP port number for HTTP or HTTPS.
313	313	** g.url.dfltPort Default TCP port number (80 or 443).
314	314	** g.url.path Path name for HTTP or HTTPS.
315	315	** g.url.user Userid.
316	316

	--- src/url.c
	+++ src/url.c
	@@ -50,11 +50,11 @@
50	int isHttps; /* True if a "https:" url */
51	int isSsh; /* True if an "ssh:" url */
52	int isAlias; /* Input URL was an alias */
53	char name; / Hostname for http: or filename for file: */
54	char hostname; / The HOST: parameter on http headers */
55	const char protocol; / "http" or "https" or "ssh" */
56	int port; /* TCP port number for http: or https: */
57	int dfltPort; /* The default port for the given protocol */
58	char path; / Pathname for http: */
59	char user; / User id for http: */
60	char passwd; / Password for http: */
	@@ -76,11 +76,11 @@
76	** as follows:
77	**
78	** isFile True if FILE:
79	** isHttps True if HTTPS:
80	** isSsh True if SSH:
81	** protocol "http" or "https" or "file"
82	** name Hostname for HTTP:, HTTPS:, SSH:. Filename for FILE:
83	** port TCP port number for HTTP or HTTPS.
84	** dfltPort Default TCP port number (80 or 443).
85	** path Path name for HTTP or HTTPS.
86	** user Userid.
	@@ -305,11 +305,11 @@
305	** form last-sync-pw.
306	**
307	** g.url.isFile True if FILE:
308	** g.url.isHttps True if HTTPS:
309	** g.url.isSsh True if SSH:
310	** g.url.protocol "http" or "https" or "file"
311	** g.url.name Hostname for HTTP:, HTTPS:, SSH:. Filename for FILE:
312	** g.url.port TCP port number for HTTP or HTTPS.
313	** g.url.dfltPort Default TCP port number (80 or 443).
314	** g.url.path Path name for HTTP or HTTPS.
315	** g.url.user Userid.
316

	--- src/url.c
	+++ src/url.c
	@@ -50,11 +50,11 @@
50	int isHttps; /* True if a "https:" url */
51	int isSsh; /* True if an "ssh:" url */
52	int isAlias; /* Input URL was an alias */
53	char name; / Hostname for http: or filename for file: */
54	char hostname; / The HOST: parameter on http headers */
55	const char protocol; / "http" or "https" or "ssh" or "file" */
56	int port; /* TCP port number for http: or https: */
57	int dfltPort; /* The default port for the given protocol */
58	char path; / Pathname for http: */
59	char user; / User id for http: */
60	char passwd; / Password for http: */
	@@ -76,11 +76,11 @@
76	** as follows:
77	**
78	** isFile True if FILE:
79	** isHttps True if HTTPS:
80	** isSsh True if SSH:
81	** protocol "http" or "https" or "file" or "ssh"
82	** name Hostname for HTTP:, HTTPS:, SSH:. Filename for FILE:
83	** port TCP port number for HTTP or HTTPS.
84	** dfltPort Default TCP port number (80 or 443).
85	** path Path name for HTTP or HTTPS.
86	** user Userid.
	@@ -305,11 +305,11 @@
305	** form last-sync-pw.
306	**
307	** g.url.isFile True if FILE:
308	** g.url.isHttps True if HTTPS:
309	** g.url.isSsh True if SSH:
310	** g.url.protocol "http" or "https" or "file" or "ssh"
311	** g.url.name Hostname for HTTP:, HTTPS:, SSH:. Filename for FILE:
312	** g.url.port TCP port number for HTTP or HTTPS.
313	** g.url.dfltPort Default TCP port number (80 or 443).
314	** g.url.path Path name for HTTP or HTTPS.
315	** g.url.user Userid.
316

Fossil SCM

Keyboard Shortcuts