Skip to content

Do not escape malformed URI twice when sending ICP errors#2374

Closed
rousskov wants to merge 1 commit intosquid-cache:masterfrom
measurement-factory:SQUID-111-icpGetRequest-extra-url-escape
Closed

Do not escape malformed URI twice when sending ICP errors#2374
rousskov wants to merge 1 commit intosquid-cache:masterfrom
measurement-factory:SQUID-111-icpGetRequest-extra-url-escape

Conversation

@rousskov
Copy link
Contributor

Authored-by: Joshua Rogers megamansec@gmail.com

In this context, escaping escaped URI always produces incorrect URI
because % character in the escaped URI gets escaped again. Feeding the
result of the first rfc1738_escape() call to the second call is also
dangerously wrong because the result of the first call gets invalidated
during the second call.

No other cases of such "chained" rfc1738_escape() calls were found.

Broken since 2002 commit e6ccf24.

Authored-by: Joshua Rogers <megamansec@gmail.com>

In this context, escaping escaped URI always produces incorrect URI
because `%` character in the escaped URI gets escaped again. Feeding the
result of the first rfc1738_escape() call to the second call is also
dangerously wrong because the result of the first call gets invalidated
during the second call.

No other cases of such "chained" rfc1738_escape() calls were found.

Broken since 2002 commit e6ccf24.
Copy link
Contributor Author

@rousskov rousskov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I developed this fix independently, but I am attributing it to @MegaManSec because Joshua made the same code change in #2220. That PR description does not discuss that change. Since addressing other problems in that PR requires a lot more efforts and may take some time, I decided to post this small fix as a separate PR.

@rousskov rousskov added the S-could-use-an-approval An approval may speed this PR merger (but is not required) label Feb 10, 2026
rousskov added a commit to MegaManSec/squid that referenced this pull request Feb 10, 2026
This reverts commit 9af3d82. That
change is correct, but it addresses a rather different bug, and it may
be best to merge it separately (via squid-cache#2374).
@yadij yadij added M-cleared-for-merge https://github.com/measurement-factory/anubis#pull-request-labels backport-to-v7 maintainer has approved these changes for v7 backporting and removed S-could-use-an-approval An approval may speed this PR merger (but is not required) labels Feb 11, 2026
squid-anubis pushed a commit that referenced this pull request Feb 11, 2026
In this context, escaping escaped URI always produces incorrect URI
because `%` character in the escaped URI gets escaped again. Feeding the
result of the first rfc1738_escape() call to the second call is also
dangerously wrong because the result of the first call gets invalidated
during the second call.

No other cases of such "chained" rfc1738_escape() calls were found.

Broken since 2002 commit e6ccf24.
@squid-anubis squid-anubis added the M-waiting-staging-checks https://github.com/measurement-factory/anubis#pull-request-labels label Feb 11, 2026
@squid-anubis squid-anubis added M-merged https://github.com/measurement-factory/anubis#pull-request-labels and removed M-waiting-staging-checks https://github.com/measurement-factory/anubis#pull-request-labels M-cleared-for-merge https://github.com/measurement-factory/anubis#pull-request-labels labels Feb 11, 2026
squidadm pushed a commit to squidadm/squid that referenced this pull request Feb 11, 2026
…e#2374)

In this context, escaping escaped URI always produces incorrect URI
because `%` character in the escaped URI gets escaped again. Feeding the
result of the first rfc1738_escape() call to the second call is also
dangerously wrong because the result of the first call gets invalidated
during the second call.

No other cases of such "chained" rfc1738_escape() calls were found.

Broken since 2002 commit e6ccf24.
@squidadm squidadm removed the backport-to-v7 maintainer has approved these changes for v7 backporting label Feb 11, 2026
@squidadm
Copy link
Collaborator

queued for backport to v7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

M-merged https://github.com/measurement-factory/anubis#pull-request-labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants