From 25bf23105d0ae927a9b62a1d4f4f30312481955f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 16 Sep 2004 21:28:38 +0000 Subject: [PATCH] Location: problem with bad original URL, identified in bug report #1029478 --- CHANGES | 10 +++++++ lib/transfer.c | 9 +++++- tests/data/Makefile.am | 2 +- tests/data/test187 | 67 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 tests/data/test187 diff --git a/CHANGES b/CHANGES index c4d4f4c11..57f2f35f5 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,16 @@ Changelog +Daniel (16 September 2004) +- Anonymous filed bug report #1029478 which identified a bug when you 1) used + a URL without properly seperating the host name and the parameters with a + slash. 2) the URL had parameters to the right of a ? that contains a slash + 3) curl was told to follow Location:s 4) the request got a response that + contained a Location: to redirect to "/dir". curl then appended the new path + on the wrong position of the original URL. + + Test case 187 was added to verify that this was fixed properly. + Daniel (11 September 2004) - Added parsedate.[ch] that contains a rewrite of the date parser currently provided by getdate.y. The new one is MUCH smaller and will allow us to run diff --git a/lib/transfer.c b/lib/transfer.c index 2a3d0b10f..7f7211048 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -1801,8 +1801,15 @@ CURLcode Curl_follow(struct SessionHandle *data, /* We got a new absolute path for this server, cut off from the first slash */ pathsep = strchr(protsep, '/'); - if(pathsep) + if(pathsep) { + /* When people use badly formatted URLs, such as + "http://www.url.com?dir=/home/daniel" we must not use the first + slash, if there's a ?-letter before it! */ + char *sep = strchr(protsep, '?'); + if(sep && (sep < pathsep)) + pathsep = sep; *pathsep=0; + } else { /* There was no slash. Now, since we might be operating on a badly formatted URL, such as "http://www.url.com?id=2380" which doesn't diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am index 8d296c2b1..83c76ad53 100644 --- a/tests/data/Makefile.am +++ b/tests/data/Makefile.am @@ -26,7 +26,7 @@ EXTRA_DIST = test1 test108 test117 test127 test20 test27 test34 test46 \ test512 test165 test166 test167 test168 test169 test170 test171 \ test172 test204 test205 test173 test174 test175 test176 test177 \ test513 test514 test178 test179 test180 test181 test182 test183 \ - test184 test185 test186 + test184 test185 test186 test187 # The following tests have been removed from the dist since they no longer # work. We need to fix the test suite's FTPS server first, then bring them diff --git a/tests/data/test187 b/tests/data/test187 new file mode 100644 index 000000000..dbb86023a --- /dev/null +++ b/tests/data/test187 @@ -0,0 +1,67 @@ +# Server-side + + +HTTP/1.1 301 This is a weirdo text message +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Location: /root/1870002.txt?coolsite=yes +Connection: close + +This server reply is for testing a simple Location: following + + + +HTTP/1.1 200 Followed here fine swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake + +If this is received, the location following worked + + + +HTTP/1.1 301 This is a weirdo text message +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Location: /root/1870002.txt?coolsite=yes +Connection: close + +HTTP/1.1 200 Followed here fine swsclose +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake + +If this is received, the location following worked + + + + +# Client-side + + +http + + +HTTP redirect with bad host name separation and slash in parameters + + +http://%HOSTIP:%HTTPPORT?oh=what-weird=test/187 -L + + + +# Verify data after the test has been "shot" + + +^User-Agent:.* + + +GET /?oh=what-weird=test/187 HTTP/1.1 +Host: 127.0.0.1:%HTTPPORT +Pragma: no-cache +Accept: */* + +GET /root/1870002.txt?coolsite=yes HTTP/1.1 +Host: 127.0.0.1:%HTTPPORT +Pragma: no-cache +Accept: */* + + +