debian/patches/40_redirect-ssl.patch

   1 Origin: https://www.privoxy.org/gitweb/?p=privoxy.git;h=89da1910
   2 Author: Fabian Keil <fk@fabiankeil.de>
   3 Date: Tue Dec 15 19:00:00 2020 +0100
   4 Bug: https://sourceforge.net/p/ijbswa/support-requests/1736/
   5 Forwarded: not needed, comes from upstream
   6 Subject: Check the actual URL when https inspecting requests
   7     redirect_url(): Check the actual URL when https inspecting requests
   8
   9     Previously we would only check the path which resulted
  10     in rewrite results being rejected as invalid URLs.
  11
  12     Before:
  13     19:37:29.494 014 Error: pcrs command "s@/test@/@" changed "/test" to "/" (1 hit), but the result doesn't look like a valid URL and will be ignored.
  14
  15     After:
  16     19:40:57.857 002 Redirect: pcrs command s@/test@/@ changed https://www.electrobsd.org/test to https://www.electrobsd.org/ (1 hit).
  17
  18     Reported by withoutname in #1736.
  19
  20 --- a/filters.c
  21 +++ b/filters.c
  22 @@ -66,6 +66,9 @@
  23  #ifdef FEATURE_CLIENT_TAGS
  24  #include "client-tags.h"
  25  #endif
  26 +#ifdef FEATURE_HTTPS_INSPECTION
  27 +#include "ssl.h"
  28 +#endif
  29
  30  #ifdef _WIN32
  31  #include "win32.h"
  32 @@ -1220,8 +1223,33 @@ struct http_response *redirect_url(struc
  33
  34        if (*redirection_string == 's')
  35        {
  36 -         old_url = csp->http->url;
  37 +#ifdef FEATURE_HTTPS_INSPECTION
  38 +         if (client_use_ssl(csp))
  39 +         {
  40 +            jb_err err;
  41 +
  42 +            old_url = strdup_or_die("https://");
  43 +            err = string_append(&old_url, csp->http->hostport);
  44 +            if (!err) err = string_append(&old_url, csp->http->path);
  45 +            if (err)
  46 +            {
  47 +               log_error(LOG_LEVEL_FATAL,
  48 +                  "Failed to rebuild URL 'https://%s%s'",
  49 +                  csp->http->hostport, csp->http->path);
  50 +            }
  51 +         }
  52 +         else
  53 +#endif
  54 +         {
  55 +            old_url = csp->http->url;
  56 +         }
  57           new_url = rewrite_url(old_url, redirection_string);
  58 +#ifdef FEATURE_HTTPS_INSPECTION
  59 +         if (client_use_ssl(csp))
  60 +         {
  61 +            freez(old_url);
  62 +         }
  63 +#endif
  64        }
  65        else
  66        {