From: Fabian Keil <fk@fabiankeil.de>
Date: Sun, 20 Nov 2011 12:41:22 +0000 (+0000)
Subject: Document the +fast-redirects{} HTTP response splitting fix
X-Git-Tag: v_3_0_18~4
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/static/@default-cgi@toggle?a=commitdiff_plain;h=6310858037c78f3a15468f47aaa23a1507c906e4;p=privoxy.git

Document the +fast-redirects{} HTTP response splitting fix
---

diff --git a/ChangeLog b/ChangeLog
index b0e69b35..4a8e6eff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,10 @@ ChangeLog for Privoxy
 *** Version 3.0.18 Stable ***
 
 - Bug fixes:
+  - If the redirect URL contains characters RFC 3986 doesn't permit,
+    they are (re)encoded. Not doing this makes Privoxy versions from
+    3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
+    attacks if the +fast-redirects{check-decoded-url} action is used.
   - Fix a logic bug that could cause Privoxy to reuse a server
     socket after it got tainted by a server-header-tagger-induced
     block that was triggered before the whole server response had
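Review bot: The new ChangeLog entry files a security fix (CWE-113 response splitting) as an ordinary item under "Bug fixes:" with nothing that marks it as security-relevant. Consider flagging it as a security fix. Since the entry says only configurations using +fast-redirects{check-decoded-url} are affected, it could also state that users on 3.0.5 to 3.0.17 who cannot upgrade should stop using that option. "(re)encoded" would be clearer as "percent-encoded", which makes it plain that the offending characters are not passed through raw into the redirect response.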
diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index fa03f4dd..585d402b 100644
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -34,7 +34,7 @@
                 This file belongs into
                 ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
 
- $Id: user-manual.sgml,v 2.139 2011/11/18 16:49:29 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.140 2011/11/19 15:18:02 fabiankeil Exp $
 
  Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/
  See LICENSE.
@@ -60,7 +60,7 @@
  </subscript>
 </pubdate>
 
-<pubdate>$Id: user-manual.sgml,v 2.139 2011/11/18 16:49:29 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.140 2011/11/19 15:18:02 fabiankeil Exp $</pubdate>
 
 <!--
 
@@ -447,6 +447,14 @@ How to install the binary packages depends on your operating system:
    <para>
     Bug fixes:
     <itemizedlist>
+    <listitem>
+     <para>
+      If the redirect URL contains characters RFC 3986 doesn't permit,
+      they are (re)encoded. Not doing this makes Privoxy versions from
+      3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
+      attacks if the +fast-redirects{check-decoded-url} action is used.
+     </para>
+    </listitem>
     <listitem>
      <para>
       Fix a logic bug that could cause Privoxy to reuse a server
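Review bot: In the added <listitem>, the action name +fast-redirects{check-decoded-url} is plain paragraph text. Wrapping it in <literal> would help, and if the manual has an anchor for the fast-redirects action, linking to it would take readers straight to the option they need to check in their own action files. This is the paragraph an administrator will search for when deciding whether an installation is exposed.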
@@ -9362,6 +9370,9 @@ In file: user.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibut
  USA
 
  $Log: user-manual.sgml,v $
+ Revision 2.140  2011/11/19 15:18:02  fabiankeil
+ Update ChangeLog
+
  Revision 2.139  2011/11/18 16:49:29  fabiankeil
  Update ChangeLog
 
diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html
index 776982d6..67a98add 100644
--- a/doc/webserver/user-manual/whatsnew.html
+++ b/doc/webserver/user-manual/whatsnew.html
@@ -61,6 +61,14 @@ body {
         <p>Bug fixes:</p>
 
         <ul>
+          <li>
+            <p>If the redirect URL contains characters RFC 3986 doesn't
+            permit, they are (re)encoded. Not doing this makes Privoxy
+            versions from 3.0.5 to 3.0.17 susceptible to HTTP response
+            splitting (CWE-113) attacks if the
+            +fast-redirects{check-decoded-url} action is used.</p>
+          </li>
+
           <li>
             <p>Fix a logic bug that could cause Privoxy to reuse a server
             socket after it got tainted by a server-header-tagger-induced
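Review bot: The <li> added to whatsnew.html repeats the user-manual.sgml paragraph word for word, so the advisory text now lives in three files in this commit. If this file is generated from doc/source/user-manual.sgml, say so in the commit message. Later corrections to the affected version range (3.0.5 to 3.0.17) or to the wording can then be made in the SGML and regenerated, not patched by hand in each copy.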