Bug #73362 for CGI-Untaint-Filenames: https via proxy

Mon Dec 19 06:54:44 2011 yusufnulwala [...] indiatimes.com - Ticket created

Subject:

https via proxy

After going thru your solution I did the necessary changes in the perl modules but the https requests are failing via proxy. My http request runs fine with proxy even when the direct line is connected the https code works fine it is only via proxy that it starts giving problems. This is what comes to https::new function DEBUGing: https.pm called:LWP::Protocol::https::Socket|PeerAddr|secure.lme.com|PeerPort|443|LocalAddr||Proto|tcp|Timeout|30|KeepAlive||SendTE|1|ConnectProxy|http://196.1.1.14:8080|SSL_verifycn_scheme|www|SSL_ca_file|/usr/lib/perl5/site_perl/5.14.2/Mozilla/CA/cacert.pem|SSL_verify_mode|1|UA|LWP::UserAgent=HASH(0x786360) The request object dumped out is : $VAR1 = bless( { '_content' => '', '_uri' => bless( do{\(my $o = 'http://196.1.1.14:8080/secure.lme.com:443')}, 'URI:: http' ), '_headers' => bless( {}, 'HTTP::Headers' ), '_method' => 'CONNECT' }, 'HTTP::Request' ); Prepare request http://196.1.1.14:8080/secure.lme.com:443 LWP::UserAgent=HASH(0x786360)|request_preprepare|HTTP::Request=HASH(0xf64b40) LWP::UserAgent=HASH(0x786360)|request_prepare|HTTP::Request=HASH(0xf64b40) LWP::UserAgent=HASH(0x786360)|request_send|HTTP::Request=HASH(0xf64b40) http request LWP::Protocol::http=HASH(0xdd50d8)|HTTP::Request=HASH(0xf64b40)|http://196.1.1.14:8080|||30 debugging: http.pm called:LWP::Protocol::http=HASH(0xdd50d8)|196.1.1.14|8080|30| LWP::UserAgent=HASH(0x786360)|response_done|HTTP::Response=HASH(0x11c76b0) Response object dumped : $VAR1 = bless( { '_protocol' => 'HTTP/1.0', '_content' => '', 'client_socket' => bless( \*Symbol::GEN0, 'LWP::Protocol::http::Socket' ), '_rc' => '403', '_headers' => bless( { 'proxy-connection' => 'close', 'date' => 'Mon, 19 Dec 2011 10:41:28 GMT', 'x-squid-error' => 'ERR_ACCESS_DENIED 0', 'client-peer' => '196.1.1.14:8080', 'content-length' => '445', 'client-date' => 'Mon, 19 Dec 2011 10:41:28 GMT', 'via' => '1.0 none.local:3128 (squid)', 'content-type' => 'text/html', 'server' => 'squid', 'x-cache' => 'MISS from none.local', 'x-cache-lookup' => 'NONE from none.local:3128', 'expires' => 'Mon, 19 Dec 2011 10:41:28 GMT' }, 'HTTP::Headers' ), '_msg' => 'Forbidden', '_request' => bless( { '_content' => '', '_uri' => bless( do{\(my $o = 'http://196.1.1.14:8080/secure.lme.com:443')}, 'URI::http' ), '_headers' => bless( { 'user-agent' => 'MSIE/6.0' }, 'HTTP::Headers' ), '_method' => 'CONNECT', '_uri_canonical' => $VAR1->{'_request'}{'_uri'}, 'proxy' => bless( do{\(my $o = 'http://196.1.1.14:8080')}, ' URI::http' ) }, 'HTTP::Request' ) }, 'HTTP::Response' ); Any further inputs in this regards shall be helpfull

Mon Aug 06 22:46:01 2012 DHUDES [...] cpan.org - Correspondence added

On Mon Dec 19 06:54:44 2011, Yusuf wrote: Show quoted text

> After going thru your solution I did the necessary changes in the perl > modules but the https requests are failing via proxy. My http request > runs fine with proxy even when the direct line is connected the https > code works fine it is only via proxy that it starts giving problems.

Proxy? On CGI::UntaintFilename??? It's not making any LWP requests. It just does some regex work to ensure that the name doesn't contain shell escapes and stuff. Maybe you mean to be doing something with my Abuse Detection System modules?? Even they don't make any LWP requests. The information you supply doesn't allow me to reproduce the error. If you supply a small example that demonstrates the error I will take a look.

Mon Aug 06 22:46:02 2012 The RT System itself - Status changed from 'new' to 'open'

Mon Aug 06 22:47:38 2012 DHUDES [...] cpan.org - Correspondence added

CGI::Untaint modules don't make LWP requests.

Mon Aug 06 22:47:38 2012 DHUDES [...] cpan.org - Status changed from 'open' to 'rejected'