opengnsys_ipxe/src/net/tcp
Michael Brown 1844aacc83 [uri] Retain original encodings for path, query, and fragment fields
iPXE decodes any percent-encoded characters during the URI parsing
stage, thereby allowing protocol implementations to consume the raw
field values directly without further decoding.

When reconstructing a URI string for use in an HTTP request line, the
percent-encoding is currently reapplied in a reversible way: we
guarantee that our reconstructed URI string could be decoded to give
the same raw field values.

This technically violates RFC3986, which states that "URIs that differ
in the replacement of a reserved character with its corresponding
percent-encoded octet are not equivalent".  Experiments show that
several HTTP server applications will attach meaning to the choice of
whether or not a particular character was percent-encoded, even when
the percent-encoding is unnecessary from the perspective of parsing
the URI into its component fields.

Fix by storing the originally encoded substrings for the path, query,
and fragment fields and using these original encoded versions when
reconstructing a URI string.  The path field is also stored as a
decoded string, for use by protocols such as TFTP that communicate
using raw strings rather than URI-encoded strings.  All other fields
(such as the username and password) continue to be stored only in
their decoded versions since nothing ever needs to know the originally
encoded versions of these fields.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-11-12 09:58:29 +00:00
..
ftp.c [uri] Refactor URI parsing and formatting 2014-02-27 13:32:53 +00:00
http.c [http] Rewrite HTTP core to support content encodings 2015-08-17 13:24:33 +01:00
httpauth.c [http] Handle parsing of WWW-Authenticate header within authentication scheme 2017-11-12 18:52:04 +00:00
httpbasic.c [http] Handle parsing of WWW-Authenticate header within authentication scheme 2017-11-12 18:52:04 +00:00
httpblock.c [block] Describe all SAN devices via ACPI tables 2017-03-28 19:12:48 +03:00
httpconn.c [uri] Make URI schemes case-insensitive 2021-07-01 16:32:46 +01:00
httpcore.c [uri] Retain original encodings for path, query, and fragment fields 2021-11-12 09:58:29 +00:00
httpdigest.c [http] Handle parsing of WWW-Authenticate header within authentication scheme 2017-11-12 18:52:04 +00:00
httpgce.c [cloud] Add ability to retrieve Google Compute Engine metadata 2017-01-23 14:43:20 +00:00
httpntlm.c [http] Allow for domain names within NTLM user names 2018-02-19 11:58:28 +00:00
https.c [crypto] Allow private key to be specified as a TLS connection parameter 2020-12-15 16:54:06 +00:00
iscsi.c [iscsi] Allow iSCSI device to be described using an EFI device path 2020-10-20 15:05:37 +01:00
oncrpc.c [nfs] Fix double free bug on error path 2017-03-21 13:46:26 +02:00
syslogs.c [crypto] Allow private key to be specified as a TLS connection parameter 2020-12-15 16:54:06 +00:00