Fossil SCM
Do not follow a redirect from HTTPS to HTTP.
Commit
c19f782e54b47f4f8c553401443a18c26ff438f29461d929609f1cf824d0eba9
Parent
1ad56ceeaf6be17…
1 file changed
+6
-2
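--- a/src/http.c
+++ b/src/http.c
@@ -113,15 +113,13 @@
 static void http_build_header(
 Blob *pPayload, /* the payload that will be sent */
 Blob *pHdr, /* construct the header here */
 const char *zAltMimetype /* Alternative mimetype */
 ){
-int i;
 int nPayload = pPayload ? blob_size(pPayload) : 0;
 
 blob_zero(pHdr);
-i = strlen(g.url.path);
 blob_appendf(pHdr, "%s %s HTTP/1.0\r\n",
 nPayload>0 ? "POST" : "GET", g.url.path);
 if( g.url.proxyAuth ){
 blob_appendf(pHdr, "Proxy-Authorization: %s\r\n", g.url.proxyAuth);
 }
@@ -357,10 +355,11 @@
 closeConnection = 0;
 }
 }else if( ( rc==301 || rc==302 || rc==307 || rc==308 ) &&
 fossil_strnicmp(zLine, "location:", 9)==0 ){
 int i, j;
+int wasHttps;
 
 if ( --maxRedirect == 0){
 fossil_warning("redirect limit exceeded");
 goto write_err;
 }
@@ -375,11 +374,16 @@
 zLine[j] = 0;
 }
 if( (mHttpFlags & HTTP_QUIET)==0 ){
 fossil_print("redirect with status %d to %s\n", rc, &zLine[i]);
 }
+wasHttps = g.url.isHttps;
 url_parse(&zLine[i], 0);
+if( wasHttps && !g.url.isHttps ){
+fossil_warning("cannot redirect from HTTPS to HTTP");
+goto write_err;
+}
 transport_close(&g.url);
 transport_global_shutdown(&g.url);
 fSeenHttpAuth = 0;
 if( g.zHttpAuth ) free(g.zHttpAuth);
 g.zHttpAuth = get_httpauth();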
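Review bot: The downgrade check at new line 381 runs only after `url_parse(&zLine[i], 0)` has already replaced `g.url` with the redirect target, so the `goto write_err` path leaves the global URL state describing the rejected plaintext location. The enclosing function and the `write_err` label lie outside these hunks, so whether anything reads `g.url` after this failure (a retry, or code that records the remote) cannot be confirmed from here; if something does, the previous state should be restored before bailing out. At minimum I would document it at the check: `/* g.url now holds the rejected non-HTTPS target; do not reuse it after this error */`. When `HTTP_QUIET` is set the refused target is never printed, so naming it in the warning would help whoever triages a failed sync: `fossil_warning("cannot redirect from HTTPS to HTTP: %s", &zLine[i]);`.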
| --- src/http.c | |
| +++ src/http.c | |
| @@ -113,15 +113,13 @@ | |
| 113 | static void http_build_header( |
| 114 | Blob *pPayload, /* the payload that will be sent */ |
| 115 | Blob *pHdr, /* construct the header here */ |
| 116 | const char *zAltMimetype /* Alternative mimetype */ |
| 117 | ){ |
| 118 | int i; |
| 119 | int nPayload = pPayload ? blob_size(pPayload) : 0; |
| 120 | |
| 121 | blob_zero(pHdr); |
| 122 | i = strlen(g.url.path); |
| 123 | blob_appendf(pHdr, "%s %s HTTP/1.0\r\n", |
| 124 | nPayload>0 ? "POST" : "GET", g.url.path); |
| 125 | if( g.url.proxyAuth ){ |
| 126 | blob_appendf(pHdr, "Proxy-Authorization: %s\r\n", g.url.proxyAuth); |
| 127 | } |
| @@ -357,10 +355,11 @@ | |
| 357 | closeConnection = 0; |
| 358 | } |
| 359 | }else if( ( rc==301 || rc==302 || rc==307 || rc==308 ) && |
| 360 | fossil_strnicmp(zLine, "location:", 9)==0 ){ |
| 361 | int i, j; |
| 362 | |
| 363 | if ( --maxRedirect == 0){ |
| 364 | fossil_warning("redirect limit exceeded"); |
| 365 | goto write_err; |
| 366 | } |
| @@ -375,11 +374,16 @@ | |
| 375 | zLine[j] = 0; |
| 376 | } |
| 377 | if( (mHttpFlags & HTTP_QUIET)==0 ){ |
| 378 | fossil_print("redirect with status %d to %s\n", rc, &zLine[i]); |
| 379 | } |
| 380 | url_parse(&zLine[i], 0); |
| 381 | transport_close(&g.url); |
| 382 | transport_global_shutdown(&g.url); |
| 383 | fSeenHttpAuth = 0; |
| 384 | if( g.zHttpAuth ) free(g.zHttpAuth); |
| 385 | g.zHttpAuth = get_httpauth(); |
| 386 |
| --- src/http.c | |
| +++ src/http.c | |
| @@ -113,15 +113,13 @@ | |
| 113 | static void http_build_header( |
| 114 | Blob *pPayload, /* the payload that will be sent */ |
| 115 | Blob *pHdr, /* construct the header here */ |
| 116 | const char *zAltMimetype /* Alternative mimetype */ |
| 117 | ){ |
| 118 | int nPayload = pPayload ? blob_size(pPayload) : 0; |
| 119 | |
| 120 | blob_zero(pHdr); |
| 121 | blob_appendf(pHdr, "%s %s HTTP/1.0\r\n", |
| 122 | nPayload>0 ? "POST" : "GET", g.url.path); |
| 123 | if( g.url.proxyAuth ){ |
| 124 | blob_appendf(pHdr, "Proxy-Authorization: %s\r\n", g.url.proxyAuth); |
| 125 | } |
| @@ -357,10 +355,11 @@ | |
| 355 | closeConnection = 0; |
| 356 | } |
| 357 | }else if( ( rc==301 || rc==302 || rc==307 || rc==308 ) && |
| 358 | fossil_strnicmp(zLine, "location:", 9)==0 ){ |
| 359 | int i, j; |
| 360 | int wasHttps; |
| 361 | |
| 362 | if ( --maxRedirect == 0){ |
| 363 | fossil_warning("redirect limit exceeded"); |
| 364 | goto write_err; |
| 365 | } |
| @@ -375,11 +374,16 @@ | |
| 374 | zLine[j] = 0; |
| 375 | } |
| 376 | if( (mHttpFlags & HTTP_QUIET)==0 ){ |
| 377 | fossil_print("redirect with status %d to %s\n", rc, &zLine[i]); |
| 378 | } |
| 379 | wasHttps = g.url.isHttps; |
| 380 | url_parse(&zLine[i], 0); |
| 381 | if( wasHttps && !g.url.isHttps ){ |
| 382 | fossil_warning("cannot redirect from HTTPS to HTTP"); |
| 383 | goto write_err; |
| 384 | } |
| 385 | transport_close(&g.url); |
| 386 | transport_global_shutdown(&g.url); |
| 387 | fSeenHttpAuth = 0; |
| 388 | if( g.zHttpAuth ) free(g.zHttpAuth); |
| 389 | g.zHttpAuth = get_httpauth(); |
| 390 |