Commit Graph

16 Commits (a278d112877a0c347e42694d399d62ebbafc1dee)

Author SHA1 Message Date
Timo Teräs ca1d975e5e libfetch: fix range checking for http/ftp protocol parsing
Various parsing of numeric strings were not having adequate range
checking causing information leak or potential crash.

CVE-2021-36159
fixes #10749

Co-authored-by: Ariadne Conill <ariadne@dereferenced.org>
Reported-by: Samanta Navarro <ferivoz@riseup.net>
2021-07-26 14:43:14 +03:00
Timo Teräs d909ebc25b libfetch: simplify code by merging protocol error handling branches
removes some code duplication
2021-07-16 10:25:14 +03:00
Timo Teräs bc0ed3774a libfetch: send Proxy-Authorization also for https connect
fixes #10738
2021-03-16 16:22:11 +02:00
Martin Vahlensieck 8e993fe969 Use correct port when redirected
If server redirects from http to https, libfetch detects this, but
wrongly uses the old url scheme to determine the port. This subsequently
leads to the following OpenSSL error:

139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:

Using the new scheme fixes this.  This error message comes from trying
to connect to port 80 with TLS, it can also be observed by issuing
  $ openssl s_client -connect alpinelinux.org:80

This bug was introduced in commit:
7158474 libfetch: keep http auth only if redirect is for the same host
2021-03-13 12:53:20 +02:00
Timo Teräs acca5cbff0 libfetch: fix connection pooling for proxied http/https requests
The connection pooling was broken in two ways:

 1. The original URL was always used as the connection pool URL,
    resulting in duplicate connections to the proxy for http URLs
    (each http URL would get separate proxy connection)

 2. The cache_url stored was always the socket level connect URL.
    In case of HTTPS, the lookup was done done with the real URL,
    but the proxy URL was stored as the "cache URL". Thus HTTPS
    CONNECT connections were never re-used.

This fixes the code with following logic:

 1. The cache key url is the real URL when no-proxy, or when HTTPS
    with proxy (the socket is connected to proxy, but logically it
    is connected to the real URL due to HTTP CONNECT request).
    And for HTTP with proxy, it's the proxy URL so same proxy
    connection can be reused for all requests going through it.

 2. fetch_connect() now gets cache key URL separately, and it always
    gets the same value as the fetch_cache_get() calls.
2021-01-19 16:42:38 +02:00
Conny Seifert 4087ab92c4 libfetch: fix parsing of proxy response to CONNECT requests
Instead of skipping just one line, properly parse the response headers.

[TT: reworded commit message]
2021-01-19 12:08:52 +02:00
Timo Teräs 7158474f1b libfetch: keep http auth only if redirect is for the same host
fixes #10688
2020-10-06 11:24:05 +03:00
Timo Teräs eae92bbacf libfetch: fixups to packetization socket option setting
- split the code to a helper function
- do not set sockets to corked state when putting back to
  cache so socket state is always deterministic
- cork/uncork also when sending CONNECT to a proxy, this
  can reduce a little bit the latency how fast the packet
  gets sent out
- also pair corking with uncorking in http_request to make
  it more obvious pairing
2020-03-25 08:50:44 +02:00
Alexander Wauck 09dbe46a76 libfetch: minor HTTP handling improvement
The recent TCP_CORK change missed this bit of code.  This change
should improve performance a bit when making HTTP requests by calling
http_cmd only once instead of three times.
2020-03-25 08:33:37 +02:00
Timo Teräs 271047cc93 libfetch: support TCP_CORK
Unfortunately libfetch operates on raw sockets and is sending
each HTTP request line using separate syscall which causes the
HTTP request to be sent as multiple packets over the wire in most
configurations. This is not good for performance, but can also
cause subtle breakage if there's DPI firewall that does not get
the Host header.

Incidentally, it seems that on BSDs libfetch already sets
TCP_NOPUSH optimize the packetization. This commit adds same
logic for using TCP_CORK if available. When using TCP_CORK
there is no requirement to set TCP_NODELAY as uncorking will
also cause immediate send. Keep TCP_NODELAY in the fallback
codepaths.

Long term, it might make sense to replace or rewrite libfetch
to use application level buffering.
2020-02-18 15:36:01 +02:00
Timo Teräs 44daf80873 fix strncpy bounds errors
error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]

Based on patch by Elan Ruusamäe <glen@delfi.ee>
2019-02-13 16:05:27 +02:00
Timo Teräs f90af35e9c libfetch: add option to set "Cache-Control: no-cache"
ref #8161
2018-01-03 14:25:07 +02:00
Timo Teräs 99e7bb93df libfetch: honor https_proxy variable for https
fixes #8160
2018-01-03 10:43:31 +02:00
Timo Teräs 531fea4c90 libfetch: remove unwanted code conditionals 2017-10-05 16:59:14 +03:00
Timo Teräs 86436fce2f build and use bundled libfetch natively 2017-10-05 16:59:14 +03:00
Timo Teräs 9dc6278c7b import libfetch-2.38 from NetBSD
ftp://ftp.fu-berlin.de/unix/NetBSD/packages/current-src/pkgsrc/net/libfetch/files

libfetch comes (at least) in netbsd and freebsd flavors which
differing functionality. Alpine and Arch package netbsd one,
but it's not widely packaged across other distributions.

We need NetBSD version as it does not use funopen(3) which is not
supported in musl, and supports connection pooling.

FreeBSD seems to be the orignal and better maintained version
with support for SSL CAs, client certificate authentication,
proxy authentication, and improved http redirect handling.

So this imports NetBSD version, and future commits will pick up
the needed improvements from FreeBSD tree.

Incidentally, this also fixes #7857 and likes for good.
2017-10-05 16:58:09 +03:00