Project

General

Profile

Bug #2830

1.4.46 regression: $SERVER["socket"] matches when it shouldn't

Added by glen 6 months ago. Updated 6 months ago.

Status:
Fixed
Priority:
High
Assignee:
-
Category:
core
Target version:
Start date:
2017-10-22
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

i had such config fragment:

# redirect plain http
$SERVER["socket"] == ":80" {
    $HTTP["host"] == "example.net" {
        url.redirect = (
            "^/git/(.*)" => "https://example.net/$1",
            "^/(.*)" => "https://example.net/$1",
        )
    }
}

$HTTP["host"] == "example.net" {
   server.document-root = "/var/www",

}

and upgrading 1.4.45 -> 1.4.46 resulted redirect loop (redirecting http->https; https->https; https->https; https->https....)

the fix is simple, use this check instead:

$HTTP["scheme"] == "http" {

as documented: https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToRedirectHttpToHttps

however i consider it regression, should at least mentioned somewhere.


Related issues

Has duplicate Bug #2831: Authentication setting bug in 1.4.46Duplicate2017-10-22

Associated revisions

Revision 58520661 (diff)
Added by gstrauss 6 months ago

[core] fix 1.4.46 regression in config match (fixes #2830)

address strings need to have DNS resolved and port added
for consistency when matching other config conditionals

x-ref:
"1.4.46 regression: $SERVER["socket"] matches when it shouldn't"
https://redmine.lighttpd.net/issues/2830

Revision 3549fc82 (diff)
Added by gstrauss 6 months ago

[core] normalize config addrs for != match (#2830)

address strings need to have DNS resolved and port added
for consistency when matching other config conditionals

x-ref:
"1.4.46 regression: $SERVER["socket"] matches when it shouldn't"
https://redmine.lighttpd.net/issues/2830

Revision f5ff2a01 (diff)
Added by gstrauss 6 months ago

[core] normalize config addrs for eq and ne (#2830)

address strings need to have DNS resolved and port added
for consistency when matching other config conditionals

x-ref:
"1.4.46 regression: $SERVER["socket"] matches when it shouldn't"
https://redmine.lighttpd.net/issues/2830

History

#1

Updated by stbuehler 6 months ago

$SERVER["socket"] == ":80" shouldn't match https on port 443, we should fix that instead of documenting it :)

#2

Updated by stbuehler 6 months ago

  • Has duplicate Bug #2831: Authentication setting bug in 1.4.46 added
#3

Updated by stbuehler 6 months ago

  • Subject changed from 1.4.46 regression: $SERVER["socket"] test for http/https redirect fails to 1.4.46 regression: $SERVER["socket"] matches when it shouldn't
#4

Updated by stbuehler 6 months ago

  • Priority changed from Normal to High
  • Target version changed from 1.4.x to 1.4.47
#5

Updated by gstrauss 6 months ago

  • Category set to core
  • Status changed from New to Patch Pending

I am testing this now: The address string needs to be normalized with the port. (The port was missing)
[edited]

--- a/src/network.c
+++ b/src/network.c
@@ -205,7 +205,14 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
        srv_socket->is_ssl = s->ssl_enabled;

        srv_socket->srv_token = buffer_init();
-       sock_addr_inet_ntop_copy_buffer(srv_socket->srv_token, &srv_socket->addr);
+       if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("["));
+       sock_addr_inet_ntop_append_buffer(srv_socket->srv_token, &srv_socket->addr);
+       if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("]"));
+       if (addr.plain.sa_family != AF_UNIX) {
+               port = addr.plain.sa_family == AF_INET ? ntohs(addr.ipv4.sin_port) : ntohs(addr.ipv6.sin6_port);
+               buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN(":"));
+               buffer_append_int(srv_socket->srv_token, port);
+       }
        /* update host_token (dc->string) for consistent string comparison in lighttpd.conf conditions */
        buffer_copy_buffer(host_token, srv_socket->srv_token);

#6

Updated by gstrauss 6 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom