dirmngr: Disable the HTTP redirect rewriting.

* dirmngr/http.h (struct http_redir_info_s): Add restrict_redir. * dirmngr/ks-engine-hkp.c (send_request): Set it depending on flags. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http-basic.c (test_http_prepare_redirect): Always set it. * dirmngr/http.c (http_prepare_redirect): Remove location rewriting unless the flag is set. -- GnuPG-bug-id: 6477
2023-06-15 15:06:21 +02:00 · 2023-06-15 15:06:21 +02:00 · 0a63afc79a
parent bf04b07327
commit 0a63afc79a
5 changed files with 11 additions and 6 deletions
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@ -3741,10 +3741,11 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
      http_release_parsed_uri (locuri);
      return err;
    }
-  else if (same_host_p (origuri, locuri))
+  else if (!info->restrict_redir || same_host_p (origuri, locuri))
    {
-      /* The host is the same or on an exception list and thus we can
-       * take the location verbatim.  */
+      /* Take the syntactically correct location or if restrict_redir
+       * is set the host is the same or on an exception list and thus
+       * we can take the location verbatim.  */
      http_release_parsed_uri (origuri);
      http_release_parsed_uri (locuri);
      newurl = xtrystrdup (location);
@ -3754,7 +3755,7 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
          return err;
        }
    }
-  else
+  else /* Strictly rectricted redirection which we used in the past.  */
    {
      /* We take only the host and port from the URL given in the
       * Location.  This limits the effects of redirection attacks by
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@ -117,6 +117,7 @@ struct http_redir_info_s
  unsigned int silent:1;         /* No diagnostics.                        */
  unsigned int allow_downgrade:1;/* Allow a downgrade from https to http.  */
  unsigned int trust_location:1; /* Trust the received Location header.    */
+  unsigned int restrict_redir:1; /* Use legacy restricted redirection.     */
 };
 typedef struct http_redir_info_s http_redir_info_t;

--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@ -1242,8 +1242,9 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
  redirinfo.orig_url   = request;
  redirinfo.orig_onion = uri->onion;
  redirinfo.allow_downgrade = 1;
-  /* FIXME: I am not sure whey we allow a downgrade for hkp requests.
-   * Needs at least an explanation here..  */
+  /* FIXME: I am not sure why we allow a downgrade for hkp requests.
+   * Needs at least an explanation here.  */
+  redirinfo.restrict_redir = !!(opt.compat_flags & COMPAT_RESTRICT_HTTP_REDIR);

 once_more:
  err = http_session_new (&session, httphost,
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@ -88,6 +88,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
  redirinfo.orig_onion = uri->onion;
  redirinfo.orig_https = uri->use_tls;
  redirinfo.allow_downgrade = !!(flags & KS_HTTP_FETCH_ALLOW_DOWNGRADE);
+  redirinfo.restrict_redir = !!(opt.compat_flags & COMPAT_RESTRICT_HTTP_REDIR);

  /* By default we only use the system provided certificates with this
   * fetch command.  */
--- a/dirmngr/t-http-basic.c
+++ b/dirmngr/t-http-basic.c
@ -165,6 +165,7 @@ test_http_prepare_redirect (void)
      ri.silent = 1;
      ri.redirects_left = 1;
      ri.orig_url = tests[tidx].url;
+      ri.restrict_redir = 1; /* This is what we used to test here.  */

      err = http_prepare_redirect (&ri, 301, tests[tidx].location, &newurl);
      if (err && newurl)