Bug #2830

closed

1.4.46 regression: $SERVER["socket"] matches when it shouldn't

Added by glen over 7 years ago. Updated over 7 years ago.

Status: Fixed
Priority: High
Category: core
Target version:

Description

I had this config fragment:

# redirect plain http
$SERVER["socket"] == ":80" {
    $HTTP["host"] == "example.net" {
        url.redirect = (
            "^/git/(.*)" => "https://example.net/$1",
            "^/(.*)" => "https://example.net/$1",
        )
    }
}

$HTTP["host"] == "example.net" {
   server.document-root = "/var/www",

}

and upgrading 1.4.45 > 1.4.46 resulted in a redirect loop (redirecting http->https; https->https; https->https; https->https....)

The fix is simple, use this check instead:

$HTTP["scheme"] == "http" {

as documented: https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToRedirectHttpToHttps

However, I consider it a regression; it should at least be mentioned somewhere.
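
To see which settings in a configuration depend on `$SERVER["socket"]` matching correctly, and so need a re-test across the 1.4.45 to 1.4.46 upgrade, the following added Python example (not part of the original report and not lighttpd code) lists security-relevant directives nested inside socket conditions. The `SENSITIVE` list, the function name and the sample configuration are constructed for illustration.

```python
import re

# Directives whose scope is security-relevant (constructed, non-exhaustive list).
SENSITIVE = {"url.redirect", "url.access-deny", "auth.require", "ssl.engine"}

# Tokens: condition opener, string literal, comment, braces, directive assignment.
TOKEN = re.compile(
    r'\$(?P<field>\w+)\["(?P<key>[^"]+)"\]\s*(?:==|!=|=~|!~)\s*"(?P<val>[^"]*)"\s*\{'
    r'|"(?:[^"\\]|\\.)*"'      # string literal: skipped, may contain { } #
    r'|#[^\n]*'                # comment: skipped
    r'|(?P<close>\})|(?P<open>\{)'
    r'|(?P<dir>[a-z][\w.-]*)\s*(?:\+=|:=|=)'
)

# Constructed sample, modelled on the fragment in the report.
SAMPLE = '''\
# redirect plain http
$SERVER["socket"] == ":80" {
    $HTTP["host"] == "example.net" {
        url.redirect = ( "^/(.*)" => "https://example.net/$1" )
    }
}
$HTTP["host"] == "example.net" { server.document-root = "/var/www" }
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    auth.require = ( "/admin" => ( "method" => "basic", "realm" => "r", "require" => "valid-user" ) )
}
'''

def socket_scoped_directives(conf_text):
    """Return [(socket, directive, line_no)] for SENSITIVE directives that sit
    anywhere inside a $SERVER["socket"] block, including nested conditions."""
    findings, stack = [], []   # stack: one entry per open block
    for m in TOKEN.finditer(conf_text):
        if m.group("field"):
            is_sock = (m.group("field"), m.group("key")) == ("SERVER", "socket")
            stack.append(m.group("val") if is_sock else None)
        elif m.group("open"):
            stack.append(None)  # e.g. an "else {" block
        elif m.group("close") and stack:
            stack.pop()
        elif m.group("dir") in SENSITIVE:
            sock = next((s for s in reversed(stack) if s is not None), None)
            if sock is not None:
                line = conf_text.count("\n", 0, m.start()) + 1
                findings.append((sock, m.group("dir"), line))
    return findings
```

Each reported entry is a setting whose effect should be checked on every listener after the upgrade, since it applies only as intended when the socket condition matches the right socket.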


Related issues: 1 (0 open, 1 closed)

Has duplicate Bug #2831: Authentication setting bug in 1.4.46 (Duplicate, 2017-10-22)
Actions #1

Updated by stbuehler over 7 years ago

$SERVER["socket"] == ":80" shouldn't match https on port 443, we should fix that instead of documenting it :)

Actions #2

Updated by stbuehler over 7 years ago

  • Has duplicate Bug #2831: Authentication setting bug in 1.4.46 added
Actions #3

Updated by stbuehler over 7 years ago

  • Subject changed from 1.4.46 regression: $SERVER["socket"] test for http/https redirect fails to 1.4.46 regression: $SERVER["socket"] matches when it shouldn't
Actions #4

Updated by stbuehler over 7 years ago

  • Priority changed from Normal to High
  • Target version changed from 1.4.x to 1.4.47
Actions #5

Updated by gstrauss over 7 years ago

  • Category set to core
  • Status changed from New to Patch Pending

I am testing this now: The address string needs to be normalized with the port. (The port was missing)
[edited]

--- a/src/network.c
+++ b/src/network.c
@@ -205,7 +205,14 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int
        srv_socket->is_ssl = s->ssl_enabled;

        srv_socket->srv_token = buffer_init();
-       sock_addr_inet_ntop_copy_buffer(srv_socket->srv_token, &srv_socket->addr);
+       if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("["));
+       sock_addr_inet_ntop_append_buffer(srv_socket->srv_token, &srv_socket->addr);
+       if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("]"));
+       if (addr.plain.sa_family != AF_UNIX) {
+               port = addr.plain.sa_family == AF_INET ? ntohs(addr.ipv4.sin_port) : ntohs(addr.ipv6.sin6_port);
+               buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN(":"));
+               buffer_append_int(srv_socket->srv_token, port);
+       }
        /* update host_token (dc->string) for consistent string comparison in lighttpd.conf conditions */
        buffer_copy_buffer(host_token, srv_socket->srv_token);
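
Review bot: the added `if` lines test `addr.plain.sa_family` and read the port from `addr`, while the address text is formatted from `&srv_socket->addr`; using one of the two consistently would make it clear that family, port and address all describe the same socket. The port expression also treats every family other than `AF_INET` and `AF_UNIX` as IPv6, which deserves either an explicit `AF_INET6` branch or a comment stating that no other family reaches this point. Because the existing comment says this token is used for string comparison in lighttpd.conf conditions, a short note on the resulting forms (bracketed IPv6 address plus `:port`, IPv4 address plus `:port`, no port for `AF_UNIX`) and a regression test with two listeners that differ only in port would guard against the mismatch returning.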

Actions #6

Updated by gstrauss over 7 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100