Absolute redirect with '://' in URL param should be valid

Signed-off-by: Ivan Afonichev <ivan.afonichev@gmail.com>

diff --git a/http.c b/http.c
index 4967f4ec1c7c60eee4c20e006f835159ce30f5b3..fc6538c16c2b839502249eec8d74edc718be6e73 100644 (file)
--- a/http.c
+++ b/http.c
@@ -657,6 +657,13 @@ int handle_redirect(struct openconnect_info *vpninfo)
                vpninfo->redirect_url = NULL;
 
                return 0;
+        } else if (vpninfo->redirect_url[0] == '/') {
+                /* Absolute redirect within same host */
+                free(vpninfo->urlpath);
+                vpninfo->urlpath = strdup(vpninfo->redirect_url + 1);
+                free(vpninfo->redirect_url);
+                vpninfo->redirect_url = NULL;
+                return 0;
        } else if (strstr(vpninfo->redirect_url, "://")) {
                vpn_progress(vpninfo, PRG_ERR,
                             _("Cannot follow redirection to non-https URL '%s'\n"),
@@ -664,13 +671,6 @@ int handle_redirect(struct openconnect_info *vpninfo)
                free(vpninfo->redirect_url);
                vpninfo->redirect_url = NULL;
                return -EINVAL;
-       } else if (vpninfo->redirect_url[0] == '/') {
-               /* Absolute redirect within same host */
-               free(vpninfo->urlpath);
-               vpninfo->urlpath = strdup(vpninfo->redirect_url + 1);
-               free(vpninfo->redirect_url);
-               vpninfo->redirect_url = NULL;
-               return 0;
        } else {
                char *lastslash = NULL;
                if (vpninfo->urlpath)