From 9229494fa1744d26ed4b116d9cc3512c60e1a1da Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Thu, 29 Dec 2016 14:16:07 +0100 Subject: https: Quote path in URL before passing it to curl Curl requires URLs to be urlencoded. We are however giving it undecoded URLs. This causes it go completely nuts if there is a space in the URI, producing requests like: GET /a file HTTP/1.1 which the servers then interpret as a GET request for "/a" with HTTP version "file" or some other non-sense. This works around the issue by encoding the path component of the URL. I'm not sure if we should encode other parts of the URL as well, this one seems to do the trick for the actual issue at hand. A more correct fix is to avoid the dequoting and (re-)quoting of URLs when a redirect occurs / a new request is sent. That's been on the radar for probably a year or two now, but nobody bothered implementing that yet. LP: #1651923 (cherry picked from commit 994515e689dcc5f963f5fed58284831750a5da03) (cherry picked from commit 438b1d78b4c33d0a97406f0a7071e3c413dc0aa3) --- methods/https.cc | 4 ++++ .../test-ubuntu-bug-1651923-requote-https-uri | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100755 test/integration/test-ubuntu-bug-1651923-requote-https-uri diff --git a/methods/https.cc b/methods/https.cc index 82c6a1ae2..84f95e047 100644 --- a/methods/https.cc +++ b/methods/https.cc @@ -241,6 +241,10 @@ bool HttpsMethod::Fetch(FetchItem *Itm) maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc")); + // The "+" is encoded as a workaround for a amazon S3 bug + // see LP bugs #1003633 and #1086997. (taken from http method) + Uri.Path = QuoteString(Uri.Path, "+~ "); + FetchResult Res; CURLUserPointer userp(this, &Res, Itm); // callbacks diff --git a/test/integration/test-ubuntu-bug-1651923-requote-https-uri b/test/integration/test-ubuntu-bug-1651923-requote-https-uri new file mode 100755 index 000000000..bedd972b4 --- /dev/null +++ b/test/integration/test-ubuntu-bug-1651923-requote-https-uri @@ -0,0 +1,19 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture "i386" + +mkdir "aptarchive/target with space" +echo 'alright' > "aptarchive/target with space/working" +changetohttpswebserver +webserverconfig 'aptwebserver::redirect::replace::/targetwithoutspace/' '/target%20with%20space/' +webserverconfig 'aptwebserver::redirect::replace::/targetwithoutspace2/' '/target with space/' + +testsuccess apthelper download-file -o debug::acquire::http=1 "http://localhost:${APTHTTPPORT}/targetwithoutspace/working" httpfile1 +testsuccess apthelper download-file -o debug::acquire::http=1 "http://localhost:${APTHTTPPORT}/targetwithoutspace2/working" httpfile2 +testsuccess apthelper download-file -o debug::acquire::https=1 "https://localhost:${APTHTTPSPORT}/targetwithoutspace/working" httpsfile1 +testsuccess apthelper download-file -o debug::acquire::https=1 "https://localhost:${APTHTTPSPORT}/targetwithoutspace2/working" httpsfile2 -- cgit v1.2.3