Implement RFC 8615 (Well-Known URIs) and refine access errors

We generally rejected any URI that had a path component beginning
with a '.', i.e. a hidden file. RFC 8615 specifies the well-known URI,
which is used, for instance, with the "http-01" challenge type in
acme-client(1) and will probably see more usage in the future.

To support it, we move the hidden target check after the stat(), so we
don't have to worry about canonicalization of dir-URIs (i.e. missing
trailing '/'). This changes the behaviour a bit, as now quark won't
only send out a 403 whenever a hidden target is requested, but only
if it actually exists, and a 404 otherwise.

Given the earlier call to normabspath() ensures that our path begins
with a '/', we don't need the first check "realtarget[0] == '.'"
anymore, so it can be removed.

Thanks to Robert Russell <robertrussell.72001@gmail.com> for reporting
the lack of support of the RFC 8615 in quark.

Signed-off-by: Laslo Hunhold <dev@frign.de>
This commit is contained in:
Laslo Hunhold 2020-08-17 10:33:55 +02:00
parent 660699492f
commit 3bd49b2456
No known key found for this signature in database
GPG key ID: 69576BD24CFCB980

14
http.c
View file

@ -600,11 +600,6 @@ http_send_response(int fd, const struct request *req)
return http_send_status(fd, S_BAD_REQUEST);
}
/* reject hidden target */
if (realtarget[0] == '.' || strstr(realtarget, "/.")) {
return http_send_status(fd, S_FORBIDDEN);
}
/* stat the target */
if (stat(RELPATH(realtarget), &st) < 0) {
return http_send_status(fd, (errno == EACCES) ?
@ -623,6 +618,15 @@ http_send_response(int fd, const struct request *req)
}
}
/*
* reject hidden target, except if it is a well-known URI
* according to RFC 8615
*/
if (strstr(realtarget, "/.") && strncmp(realtarget,
"/.well-known/", sizeof("/.well-known/") - 1)) {
return http_send_status(fd, S_FORBIDDEN);
}
/* redirect if targets differ, host is non-canonical or we prefixed */
if (strcmp(req->target, realtarget) || (s.vhost && vhostmatch &&
strcmp(req->field[REQ_HOST], vhostmatch))) {