From: Fabian Keil Date: Tue, 15 Dec 2020 18:00:00 +0000 (+0100) Subject: redirect_url(): Check the actual URL when https inspecting requests X-Git-Tag: v_3_0_30~247 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=89da19109b8d75c69ed4b5c8f0e81842b7e5224e redirect_url(): Check the actual URL when https inspecting requests Previously we would only check the path which resulted in rewrite results being rejected as invalid URLs. Before: 19:37:29.494 014 Error: pcrs command "s@/test@/@" changed "/test" to "/" (1 hit), but the result doesn't look like a valid URL and will be ignored. After: 19:40:57.857 002 Redirect: pcrs command s@/test@/@ changed https://www.electrobsd.org/test to https://www.electrobsd.org/ (1 hit). Reported by withoutname in #1736. --- diff --git a/filters.c b/filters.c index ef9661ec..e5cf406d 100644 --- a/filters.c +++ b/filters.c @@ -66,6 +66,9 @@ #ifdef FEATURE_CLIENT_TAGS #include "client-tags.h" #endif +#ifdef FEATURE_HTTPS_INSPECTION +#include "ssl.h" +#endif #ifdef _WIN32 #include "win32.h" @@ -1220,8 +1223,33 @@ struct http_response *redirect_url(struct client_state *csp) if (*redirection_string == 's') { - old_url = csp->http->url; +#ifdef FEATURE_HTTPS_INSPECTION + if (client_use_ssl(csp)) + { + jb_err err; + + old_url = strdup_or_die("https://"); + err = string_append(&old_url, csp->http->hostport); + if (!err) err = string_append(&old_url, csp->http->path); + if (err) + { + log_error(LOG_LEVEL_FATAL, + "Failed to rebuild URL 'https://%s%s'", + csp->http->hostport, csp->http->path); + } + } + else +#endif + { + old_url = csp->http->url; + } new_url = rewrite_url(old_url, redirection_string); +#ifdef FEATURE_HTTPS_INSPECTION + if (client_use_ssl(csp)) + { + freez(old_url); + } +#endif } else {