[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#609997: marked as done (apt: http method reencodes Location URIs in case of redirect)

Your message dated Sun, 24 Mar 2013 09:03:55 +0800
with message-id <87txo1ip6s.fsf@gmail.com>
and subject line Bug#609997: apt: http method reencodes Location URIs in case of redirect
has caused the Debian Bug report #609997,
regarding apt: http method reencodes Location URIs in case of redirect
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
609997: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609997
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apt
Version: 0.8.10
When an HTTP redirection code is received with a Location header, the http apt method tries again with the URL provided by that header. However, the URL gets quoted a second time, incorrectly escaping any % character in the initial request. The result is that the web server the request was redirected to is unable to serve the file associated with the URL. 

An illustration with a sample HTTP conversation:
1. a package file such as foo-1.1~bar_all.deb will be first requested by Apt with a properly encoded URL: 
GET /.../foo-1.1%7ebar_all.deb HTTP/1.1
Host: hosta
2. The web server on hosta then redirects with a 301 or 302 response, quoting the request URL without modification: 
HTTP/1.1 301 Moved Permanently
Location: http://hostb/path/.../foo-1.1%7ebar_all.deb
3. Apt then encodes the URL in the location field, and proceeds to request it to the second web server: 
GET /path/.../foo-1.1%257ebar_all.deb
Host: hostb
4. The web server at hostb is unable to find the requested URL and responds with: 
HTTP/1.1 404 Not Found

Below is a very simple patch to fix this issue.
---
 methods/http.cc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/methods/http.cc b/methods/http.cc
index 25e31de..c0ff134 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -949,7 +949,7 @@ HttpMethod::DealWithHeaders(FetchResult &Res,ServerState *Srv) 
    {
       if (!Srv->Location.empty())
       {
-         NextURI = Srv->Location;
+         NextURI = DeQuoteString(Srv->Location);
          return TRY_AGAIN_OR_REDIRECT;
       }
       /* else pass through for error message */
--
1.7.1.1

--- End Message ---
--- Begin Message --- 
Version: 0.8.15

Benjamin Ryzman <benjamin.ryzman@gmail.com> wrote:
>> When an HTTP redirection code is received with a Location header, the 
>> http apt method tries again with the URL provided by that header. 
>> However, the URL gets quoted a second time, incorrectly escaping any % 
>> character in the initial request. The result is that the web server the 
>> request was redirected to is unable to serve the file associated with 
>> the URL.

Raphael Geissert <geissert@debian.org> wrote:
> AFAICS, sid's apt has been fixed already. Not sure about other
> versions.

This was #602412, which is now archived so I will not merge it.

Closing.

--- End Message ---
Reply to: