NetBSD Problem Report #52958
From www@NetBSD.org Sun Jan 28 11:18:42 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id BCF7A7A1EA
for <gnats-bugs@gnats.NetBSD.org>; Sun, 28 Jan 2018 11:18:42 +0000 (UTC)
Message-Id: <20180128111841.BE7F08E1CD@mollari.NetBSD.org>
Date: Sun, 28 Jan 2018 11:18:41 +0000 (UTC)
From: tr@vispaul.me
Reply-To: tr@vispaul.me
To: gnats-bugs@NetBSD.org
Subject: httpd embeds "http" links on error page
X-Send-Pr-Version: www-1.0
>Number: 52958
>Category: bin
>Synopsis: httpd embeds "http" links on error page
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 28 11:20:00 +0000 2018
>Closed-Date: Mon Feb 19 20:05:48 +0000 2018
>Last-Modified: Mon Feb 19 20:05:48 +0000 2018
>Originator: Travis Paul
>Release: current and 7.1.1
>Organization:
>Environment:
NetBSD n7.local 7.1.1 NetBSD 7.1.1 (GENERIC.201712222334Z) amd64
>Description:
The httpd error page embeds a link at the bottom of the page, this link always uses "http://" even when served from "https://".
>How-To-Repeat:
Run httpd with SSL enabled, e.g.:
/usr/libexec/httpd -b -f -I 8888 -s -Z cert/certificate.pem cert/key.pem /tmp
GET a resource that doesn't exist such as https://127.0.0.1:8888/foo. The response body will contain a link such as:
<a href="http://127.0.0.1:8888/">127.0.0.1:8888</a>
>Fix:
Index: bozohttpd.c
===================================================================
RCS file: /cvsroot/src/libexec/httpd/bozohttpd.c,v
retrieving revision 1.86
diff -u -u -r1.86 bozohttpd.c
--- bozohttpd.c 5 Feb 2017 01:55:03 -0000 1.86
+++ bozohttpd.c 28 Jan 2018 10:56:11 -0000
@@ -1990,11 +1990,13 @@
"<html><head><title>%s</title></head>\n"
"<body><h1>%s</h1>\n"
"%s%s: <pre>%s</pre>\n"
- "<hr><address><a href=\"http://%s%s/\">%s%s</a></address>\n"
+ "<hr><address><a href=\"%s://%s%s/\">%s%s</a></address>\n"
"</body></html>\n",
header, header,
user ? user : "", file,
- reason, hostname, portbuf, hostname, portbuf);
+ reason,
+ httpd->sslinfo ? "https" : "http",
+ hostname, portbuf, hostname, portbuf);
free(user);
if (size >= (int)BUFSIZ) {
bozowarn(httpd,
>Release-Note:
>Audit-Trail:
From: coypu@sdf.org
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/52958: httpd embeds "http" links on error page
Date: Sun, 28 Jan 2018 12:13:58 +0000
You can make a protocol-agnostic link like:
href="//www.mything.com"
Does this work as well for you?
From: tr@vispaul.me
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: bin/52958: httpd embeds "http" links on error page
Date: Sun, 28 Jan 2018 20:55:21 +0800
On 2018-01-28 20:25, coypu@sdf.org wrote:
> The following reply was made to PR bin/52958; it has been noted by
> GNATS.
>
> From: coypu@sdf.org
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: bin/52958: httpd embeds "http" links on error page
> Date: Sun, 28 Jan 2018 12:13:58 +0000
>
> You can make a protocol-agnostic link like:
> href="//www.mything.com"
>
> Does this work as well for you?
Yes, that works for me.
From: "Maya Rashish" <maya@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52958 CVS commit: src/libexec/httpd
Date: Sun, 28 Jan 2018 13:37:39 +0000
Module Name: src
Committed By: maya
Date: Sun Jan 28 13:37:39 UTC 2018
Modified Files:
src/libexec/httpd: bozohttpd.c
Log Message:
Use a protocol-agnostic URL (don't degrade HTTPS->HTTP)
Suggested by Travis Paul in PR bin/52958.
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 src/libexec/httpd/bozohttpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52958 CVS commit: [netbsd-8] src/libexec/httpd
Date: Sun, 4 Feb 2018 12:49:25 +0000
Module Name: src
Committed By: martin
Date: Sun Feb 4 12:49:25 UTC 2018
Modified Files:
src/libexec/httpd [netbsd-8]: bozohttpd.c
Log Message:
Pull up following revision(s) (requested by maya in ticket #522):
libexec/httpd/bozohttpd.c: revision 1.87
Use a protocol-agnostic URL (don't degrade HTTPS->HTTP)
Suggested by Travis Paul in PR bin/52958.
To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.86.4.1 src/libexec/httpd/bozohttpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52958 CVS commit: [netbsd-7] src/libexec/httpd
Date: Mon, 19 Feb 2018 19:43:14 +0000
Module Name: src
Committed By: snj
Date: Mon Feb 19 19:43:14 UTC 2018
Modified Files:
src/libexec/httpd [netbsd-7]: bozohttpd.c
Log Message:
Pull up following revision(s) (requested by maya in ticket #1564):
libexec/httpd/bozohttpd.c: 1.87
Use a protocol-agnostic URL (don't degrade HTTPS->HTTP)
Suggested by Travis Paul in PR bin/52958.
To generate a diff of this commit:
cvs rdiff -u -r1.56.2.8 -r1.56.2.9 src/libexec/httpd/bozohttpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Mon, 19 Feb 2018 20:05:48 +0000
State-Changed-Why:
Pulled up, thanks for the patch!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.