summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2016-12-29 14:16:07 +0100
committerJulian Andres Klode <jak@debian.org>2017-01-17 01:59:15 +0100
commit994515e689dcc5f963f5fed58284831750a5da03 (patch)
treeb3e010a1d151fd0c0241bc3c193c817a9061f0af
parent1dcd7d291be1d39127c4b95778549f323e61ef15 (diff)
https: Quote path in URL before passing it to curl
Curl requires URLs to be urlencoded. We are however giving it undecoded URLs. This causes it go completely nuts if there is a space in the URI, producing requests like: GET /a file HTTP/1.1 which the servers then interpret as a GET request for "/a" with HTTP version "file" or some other non-sense. This works around the issue by encoding the path component of the URL. I'm not sure if we should encode other parts of the URL as well, this one seems to do the trick for the actual issue at hand. A more correct fix is to avoid the dequoting and (re-)quoting of URLs when a redirect occurs / a new request is sent. That's been on the radar for probably a year or two now, but nobody bothered implementing that yet. LP: #1651923
-rw-r--r--methods/https.cc4
-rwxr-xr-xtest/integration/test-ubuntu-bug-1651923-requote-https-uri19
2 files changed, 23 insertions, 0 deletions
diff --git a/methods/https.cc b/methods/https.cc
index d60bc6fbc..d71ef0bf0 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -275,6 +275,10 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
if (Server == nullptr || Server->Comp(Itm->Uri) == false)
Server = CreateServerState(Itm->Uri);
+ // The "+" is encoded as a workaround for a amazon S3 bug
+ // see LP bugs #1003633 and #1086997. (taken from http method)
+ Uri.Path = QuoteString(Uri.Path, "+~ ");
+
FetchResult Res;
RequestState Req(this, Server.get());
CURLUserPointer userp(this, &Res, Itm, &Req);
diff --git a/test/integration/test-ubuntu-bug-1651923-requote-https-uri b/test/integration/test-ubuntu-bug-1651923-requote-https-uri
new file mode 100755
index 000000000..bedd972b4
--- /dev/null
+++ b/test/integration/test-ubuntu-bug-1651923-requote-https-uri
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture "i386"
+
+mkdir "aptarchive/target with space"
+echo 'alright' > "aptarchive/target with space/working"
+changetohttpswebserver
+webserverconfig 'aptwebserver::redirect::replace::/targetwithoutspace/' '/target%20with%20space/'
+webserverconfig 'aptwebserver::redirect::replace::/targetwithoutspace2/' '/target with space/'
+
+testsuccess apthelper download-file -o debug::acquire::http=1 "http://localhost:${APTHTTPPORT}/targetwithoutspace/working" httpfile1
+testsuccess apthelper download-file -o debug::acquire::http=1 "http://localhost:${APTHTTPPORT}/targetwithoutspace2/working" httpfile2
+testsuccess apthelper download-file -o debug::acquire::https=1 "https://localhost:${APTHTTPSPORT}/targetwithoutspace/working" httpsfile1
+testsuccess apthelper download-file -o debug::acquire::https=1 "https://localhost:${APTHTTPSPORT}/targetwithoutspace2/working" httpsfile2