Ugh, please ignore, probably.
> On Mar 1, 2019, at 8:11 PM, Evan Silberman <e...@jklol.net> wrote:
>
>
>> Synopsis: httpd 'request rewrite' double-encodes captured segments
>> Category: user
>> Environment:
> System : OpenBSD 6.4
> Details : OpenBSD 6.4 (GENERIC) #6: Sat Jan 26 19:51:53 CET 2019
>
> r...@syspatch-64-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>
> Architecture: OpenBSD.amd64
> Machine : amd64
>> Description:
> When using 'request rewrite' to reroute an httpd request internally,
> portions of the request path captured by 'location match' path end up
> double-percent-encoded request is redispatched.
>
>> How-To-Repeat:
> Consider the following httpd.conf stanzas, assuming "/dest/" is a folder
> in the httpd chroot and they are configuring an uncomplicated server
> block:
>
> location match "/orig/(.*)" {
> request rewrite "/dest/%1"
> }
> location match "/é/(.*)" {
> request rewrite "/dest/%1"
> }
> location "/dest/*" {
> root "/"
> }
>
> The request "/orig/é.txt" seems to be canonicalized as
> "/orig/%C3%A9.txt", then incorrectly redispatched to
> "/dest/%25C3%25A9.txt". By way of contrast, and evidently isolating the
> issue to capture groups, the request "/é/uri-safe.txt" will be correctly
> redispatched to "/dest/uri-safe.txt", and requests to "/dest/é.txt" are
> canonicalized as "/dest/%C3%A9.txt" but not redispatched and work as
> expected with utf8 filenames on the filesystem.
>
>
>> Fix:
> Reviewing usr.sbin/httpd/server_http.c,
>
> dmesg omitted due to likely irrelevance, please request if desired
