dirmngr: Disable the HTTP redirect rewriting.

* dirmngr/http.h (struct http_redir_info_s): Add restrict_redir.
* dirmngr/ks-engine-hkp.c (send_request): Set it depending on flags.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http-basic.c (test_http_prepare_redirect): Always set it.
* dirmngr/http.c (http_prepare_redirect): Remove location rewriting
unless the flag is set.
--

GnuPG-bug-id: 6477

5 files changed, 11 insertions, 6 deletions

diff --git a/dirmngr/http.c b/dirmngr/http.c
index b4c501736..8153fcef4 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -3741,10 +3741,11 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
       http_release_parsed_uri (locuri);
       return err;
     }
-  else if (same_host_p (origuri, locuri))
+  else if (!info->restrict_redir || same_host_p (origuri, locuri))
     {
-      /* The host is the same or on an exception list and thus we can
-       * take the location verbatim.  */
+      /* Take the syntactically correct location or if restrict_redir
+       * is set the host is the same or on an exception list and thus
+       * we can take the location verbatim.  */
       http_release_parsed_uri (origuri);
       http_release_parsed_uri (locuri);
       newurl = xtrystrdup (location);
@@ -3754,7 +3755,7 @@ http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
           return err;
         }
     }
-  else
+  else /* Strictly rectricted redirection which we used in the past.  */
     {
       /* We take only the host and port from the URL given in the
        * Location.  This limits the effects of redirection attacks by
diff --git a/dirmngr/http.h b/dirmngr/http.h
index 18420c925..e60212761 100644
--- a/dirmngr/http.h
+++ b/dirmngr/http.h
@@ -117,6 +117,7 @@ struct http_redir_info_s
   unsigned int silent:1;         /* No diagnostics.                        */
   unsigned int allow_downgrade:1;/* Allow a downgrade from https to http.  */
   unsigned int trust_location:1; /* Trust the received Location header.    */
+  unsigned int restrict_redir:1; /* Use legacy restricted redirection.     */
 };
 typedef struct http_redir_info_s http_redir_info_t;
 
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 5292da844..66291bc02 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -1242,8 +1242,9 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr,
   redirinfo.orig_url   = request;
   redirinfo.orig_onion = uri->onion;
   redirinfo.allow_downgrade = 1;
-  /* FIXME: I am not sure whey we allow a downgrade for hkp requests.
-   * Needs at least an explanation here..  */
+  /* FIXME: I am not sure why we allow a downgrade for hkp requests.
+   * Needs at least an explanation here.  */
+  redirinfo.restrict_redir = !!(opt.compat_flags & COMPAT_RESTRICT_HTTP_REDIR);
 
  once_more:
   err = http_session_new (&session, httphost,
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index f55a25774..3dca80ee6 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -88,6 +88,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
   redirinfo.orig_onion = uri->onion;
   redirinfo.orig_https = uri->use_tls;
   redirinfo.allow_downgrade = !!(flags & KS_HTTP_FETCH_ALLOW_DOWNGRADE);
+  redirinfo.restrict_redir = !!(opt.compat_flags & COMPAT_RESTRICT_HTTP_REDIR);
 
   /* By default we only use the system provided certificates with this
    * fetch command.  */
diff --git a/dirmngr/t-http-basic.c b/dirmngr/t-http-basic.c
index edf82efb9..ba3d07a8c 100644
--- a/dirmngr/t-http-basic.c
+++ b/dirmngr/t-http-basic.c
@@ -165,6 +165,7 @@ test_http_prepare_redirect (void)
       ri.silent = 1;
       ri.redirects_left = 1;
       ri.orig_url = tests[tidx].url;
+      ri.restrict_redir = 1; /* This is what we used to test here.  */
 
       err = http_prepare_redirect (&ri, 301, tests[tidx].location, &newurl);
       if (err && newurl)