Bug #2830: 1.4.46 regression: $SERVER["socket"] matches when it shouldn't - Lighttpd - lighty labs

Actions

Copy link

Bug #2830

closed

1.4.46 regression: $SERVER["socket"] matches when it shouldn't

Added by glen about 7 years ago. Updated about 7 years ago.

Status:

Fixed

Priority:

High

Category:

core

Target version:

1.4.47

ASK QUESTIONS IN Forums:

Description

i had such config fragment:

# redirect plain http
$SERVER["socket"] == ":80" {
    $HTTP["host"] == "example.net" {
        url.redirect = (
            "^/git/(.*)" => "https://example.net/$1",
            "^/(.*)" => "https://example.net/$1",
        )
    }
}

$HTTP["host"] == "example.net" {
   server.document-root = "/var/www",

}

and upgrading 1.4.45 ~~> 1.4.46 resulted redirect loop (redirecting http~~>https; https->https; https->https; https->https....)

the fix is simple, use this check instead:

$HTTP["scheme"] == "http" {

as documented: https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToRedirectHttpToHttps

however i consider it regression, should at least mentioned somewhere.

Related issues 1 (0 open — 1 closed)

Actions

Copy link

Updated by stbuehler about 7 years ago

$SERVER["socket"] == ":80" shouldn't match https on port 443, we should fix that instead of documenting it :)

Actions

Copy link

Updated by stbuehler about 7 years ago

Has duplicate Bug #2831: Authentication setting bug in 1.4.46 added

Actions

Copy link

Updated by stbuehler about 7 years ago

Subject changed from 1.4.46 regression: $SERVER["socket"] test for http/https redirect fails to 1.4.46 regression: $SERVER["socket"] matches when it shouldn't

Actions

Copy link

Updated by stbuehler about 7 years ago

Priority changed from Normal to High
Target version changed from 1.4.x to 1.4.47

Actions

Copy link

Updated by gstrauss about 7 years ago

Category set to core
Status changed from New to Patch Pending

I am testing this now: The address string needs to be normalized with the port. (The port was missing)
[edited]

--- a/src/network.c
+++ b/src/network.c
@@ -205,7 +205,14 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
        srv_socket->is_ssl = s->ssl_enabled;

        srv_socket->srv_token = buffer_init();
-       sock_addr_inet_ntop_copy_buffer(srv_socket->srv_token, &srv_socket->addr);
+       if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("["));
+       sock_addr_inet_ntop_append_buffer(srv_socket->srv_token, &srv_socket->addr);
+       if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("]"));
+       if (addr.plain.sa_family != AF_UNIX) {
+               port = addr.plain.sa_family == AF_INET ? ntohs(addr.ipv4.sin_port) : ntohs(addr.ipv6.sin6_port);
+               buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN(":"));
+               buffer_append_int(srv_socket->srv_token, port);
+       }
        /* update host_token (dc->string) for consistent string comparison in lighttpd.conf conditions */
        buffer_copy_buffer(host_token, srv_socket->srv_token);

Actions

Copy link