Ugh, please ignore, probably. > On Mar 1, 2019, at 8:11 PM, Evan Silberman <e...@jklol.net> wrote: > > >> Synopsis: httpd 'request rewrite' double-encodes captured segments >> Category: user >> Environment: > System : OpenBSD 6.4 > Details : OpenBSD 6.4 (GENERIC) #6: Sat Jan 26 19:51:53 CET 2019 > > r...@syspatch-64-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC > > Architecture: OpenBSD.amd64 > Machine : amd64 >> Description: > When using 'request rewrite' to reroute an httpd request internally, > portions of the request path captured by 'location match' path end up > double-percent-encoded request is redispatched. > >> How-To-Repeat: > Consider the following httpd.conf stanzas, assuming "/dest/" is a folder > in the httpd chroot and they are configuring an uncomplicated server > block: > > location match "/orig/(.*)" { > request rewrite "/dest/%1" > } > location match "/é/(.*)" { > request rewrite "/dest/%1" > } > location "/dest/*" { > root "/" > } > > The request "/orig/é.txt" seems to be canonicalized as > "/orig/%C3%A9.txt", then incorrectly redispatched to > "/dest/%25C3%25A9.txt". By way of contrast, and evidently isolating the > issue to capture groups, the request "/é/uri-safe.txt" will be correctly > redispatched to "/dest/uri-safe.txt", and requests to "/dest/é.txt" are > canonicalized as "/dest/%C3%A9.txt" but not redispatched and work as > expected with utf8 filenames on the filesystem. > > >> Fix: > Reviewing usr.sbin/httpd/server_http.c, > > dmesg omitted due to likely irrelevance, please request if desired