dirmngr: Avoid possible CSRF attacks via http redirects.
authorWerner Koch <wk@gnupg.org>
Thu, 22 Nov 2018 21:27:56 +0000 (22:27 +0100)
committerWerner Koch <wk@gnupg.org>
Thu, 22 Nov 2018 21:36:07 +0000 (22:36 +0100)
commitfa1b1eaa4241ff3f0634c8bdf8591cbc7c464144
tree76948d823519d0f18c8f2fb90afdbb9a07f1a440
parente5c3a6999a374813134a9e68744444c25c3017f6
dirmngr: Avoid possible CSRF attacks via http redirects.

* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--

With this change a http query will not follow a redirect unless the
Location header gives the same host.  If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
dirmngr/Makefile.am
dirmngr/http.c
dirmngr/http.h
dirmngr/ks-engine-hkp.c
dirmngr/ks-engine-http.c
dirmngr/t-http-basic.c [new file with mode: 0644]
dirmngr/t-http.c