Re: [PATCH spice-gtk v4 7/8] spice-uri: Validate uri scheme


 



Hi,

On Mon, May 30, 2016 at 05:46:49PM +0200, Pavel Grunt wrote:
> Related: rhbz#1335239
> ---
>  src/spice-uri.c        | 26 ++++++++++++++++----------
>  tests/test-spice-uri.c |  2 ++
>  2 files changed, 18 insertions(+), 10 deletions(-)
>
> diff --git a/src/spice-uri.c b/src/spice-uri.c
> index 7eec6e5..83ebe79 100644
> --- a/src/spice-uri.c
> +++ b/src/spice-uri.c
> @@ -109,7 +109,9 @@ static void spice_uri_reset(SpiceURI *self)
>  G_GNUC_INTERNAL
>  gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
>  {
> -    gchar *dup, *uri;
> +    gchar *dup, *uri, **uriv = NULL;
> +    const gchar *uri_port = NULL;
> +    char *uri_scheme = NULL;
>      gboolean success = FALSE;
>      size_t len;
>
> @@ -122,17 +124,21 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
>      uri = dup = g_strdup(_uri);
>      /* FIXME: use GUri when it is ready... only support http atm */
>      /* the code is voluntarily not parsing thoroughly the uri */
> -    if (g_ascii_strncasecmp("http://";, uri, 7) == 0) {
> -        uri += 7;
> +    uri_scheme = g_uri_parse_scheme(uri);
> +    if (uri_scheme == NULL) {
>          spice_uri_set_scheme(self, "http");
> +    } else {
> +        spice_uri_set_scheme(self, uri_scheme);
> +        uri += strlen(uri_scheme) + 3; /* scheme + "://" */
> +    }
> +    if (g_ascii_strcasecmp(spice_uri_get_scheme(self), "http") == 0) {
>          spice_uri_set_port(self, 3128);
> -    } else if (g_ascii_strncasecmp("https://";, uri, 8) == 0) {
> -        uri += 8;
> -        spice_uri_set_scheme(self, "https");
> +    } else if (g_ascii_strcasecmp(spice_uri_get_scheme(self), "https") == 0) {
>          spice_uri_set_port(self, 3129);
>      } else {
> -        spice_uri_set_scheme(self, "http");
> -        spice_uri_set_port(self, 3128);
> +        g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
> +                    "Invalid uri scheme for proxy: %s", spice_uri_get_scheme(self));
> +        goto end;
>      }
>      /* remove trailing slash */
>      len = strlen(uri);
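Review bot: The advance `uri += strlen(uri_scheme) + 3` assumes the scheme is always followed by `://`, but g_uri_parse_scheme() only requires a trailing `:`. For an input such as `http:` (constructed example) the scheme check passes, `uri` ends up past the end of `dup`, and the `strlen(uri)` that follows reads outside the allocation. Guard the advance with `g_str_has_prefix(uri + strlen(uri_scheme), "://")` and take the `g_set_error` / `goto end` path when it fails. Separately, a bare `host:port` value now has `host` parsed as its scheme and is rejected, which looks like a behaviour change for scheme-less proxy settings. The body of spice_uri_parse continues outside this hunk.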
> @@ -156,8 +162,7 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
>      }
>
>      /* max 2 parts, host:port */
> -    gchar **uriv = g_strsplit(uri, ":", 2);
> -    const gchar *uri_port = NULL;
> +    uriv = g_strsplit(uri, ":", 2);

This last chunk is not really related to the patch but why not.
Acked-by: Victor Toso <victortoso@xxxxxxxxxx>

>
>      if (uriv[0] == NULL || strlen(uriv[0]) == 0) {
>          g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
> @@ -190,6 +195,7 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
>      success = TRUE;
>
>  end:
> +    free(uri_scheme);
>      g_free(dup);
>      g_strfreev(uriv);
>      return success;
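Review bot: `free(uri_scheme)` releases a string returned by g_uri_parse_scheme(), which GLib expects to be released with g_free(); the two lines after it already use `g_free(dup)` and `g_strfreev(uriv)`. Change it to `g_free(uri_scheme);` so the allocator pairing is consistent and does not depend on g_malloc being backed by the system malloc. The declaration in the first hunk could likewise be `gchar *uri_scheme = NULL;` to match `dup` and `uri`.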
> diff --git a/tests/test-spice-uri.c b/tests/test-spice-uri.c
> index dca2101..51f652c 100644
> --- a/tests/test-spice-uri.c
> +++ b/tests/test-spice-uri.c
> @@ -39,6 +39,8 @@ static void test_spice_uri_ipv4_bad(void)
>          {"http://127.0.0.1:";, "http", "127.0.0.1", 3128, NULL, NULL, "Missing uri port"},
>          {"http://127.0.0.1:-80";, "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
>          {"http://127.0.0.1:8000000";, "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},
> +        {"scheme://192.168.1.1:3128", "http", "127.0.0.1", 3128, NULL, NULL,
> +         "Invalid uri scheme for proxy: scheme"},
>      };
>  
>      guint i;
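Review bot: The new row covers only an unknown scheme followed by `://`; no case covers a scheme that is not followed by `//`, which is where the `strlen(uri_scheme) + 3` advance in spice_uri_parse overshoots the buffer. A row with an input such as `"http:127.0.0.1"` (constructed) and the expected error string would pin that path. The expected scheme and host in the added row (`"http"`, `"127.0.0.1"`) also do not match the input `192.168.1.1`; presumably they are ignored on failure, but values matching the input would read more clearly. The table and its enclosing function extend outside this hunk.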
> -- 
> 2.8.3
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/spice-devel



