diff options
| author | Werner Koch <[email protected]> | 2018-11-22 21:27:56 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-11-23 08:23:26 +0000 |
| commit | 4a4bb874f63741026bd26264c43bb32b1099f060 (patch) | |
| tree | 0857a46bd3ddc7e0afda2ffb1bebde518d8e9c6e /dirmngr/http.h | |
| parent | doc: Clarify use of clear and nodefault in the AKL. (diff) | |
| download | gnupg-4a4bb874f63741026bd26264c43bb32b1099f060.tar.gz gnupg-4a4bb874f63741026bd26264c43bb32b1099f060.zip | |
dirmngr: Avoid possible CSRF attacks via http redirects.
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--
With this change a http query will not follow a redirect unless the
Location header gives the same host. If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144)
Diffstat (limited to '')
| -rw-r--r-- | dirmngr/http.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/dirmngr/http.h b/dirmngr/http.h index 4cfb4c890..a0458f87c 100644 --- a/dirmngr/http.h +++ b/dirmngr/http.h @@ -58,6 +58,8 @@ struct parsed_uri_s char *auth; /* username/password for basic auth. */ char *host; /* Host (converted to lowercase). */ unsigned short port; /* Port (always set if the host is set). */ + unsigned short off_host; /* Offset to the HOST respective PATH parts */ + unsigned short off_path; /* in the original URI buffer. */ char *path; /* Path. */ uri_tuple_t params; /* ";xxxxx" */ uri_tuple_t query; /* "?xxx=yyy" */ @@ -100,6 +102,21 @@ typedef struct http_session_s *http_session_t; struct http_context_s; typedef struct http_context_s *http_t; +/* An object used to track redirection infos. */ +struct http_redir_info_s +{ + unsigned int redirects_left; /* Number of still possible redirects. */ + const char *orig_url; /* The original requested URL. */ + unsigned int orig_onion:1; /* Original request was an onion address. */ + unsigned int orig_https:1; /* Original request was a http address. */ + unsigned int silent:1; /* No diagnostics. */ + unsigned int allow_downgrade:1;/* Allow a downgrade from https to http. */ + unsigned int trust_location:1; /* Trust the received Location header. */ +}; +typedef struct http_redir_info_s http_redir_info_t; + + + /* A TLS verify callback function. */ typedef gpg_error_t (*http_verify_cb_t) (void *opaque, http_t http, @@ -176,5 +193,9 @@ gpg_error_t http_verify_server_credentials (http_session_t sess); char *http_escape_string (const char *string, const char *specials); char *http_escape_data (const void *data, size_t datalen, const char *specials); +gpg_error_t http_prepare_redirect (http_redir_info_t *info, + unsigned int status_code, + const char *location, char **r_url); + #endif /*GNUPG_COMMON_HTTP_H*/ |