[Spice-devel] [PATCH spice-gtk v4 7/8] spice-uri: Validate uri scheme
Pavel Grunt
pgrunt at redhat.com
Tue May 31 09:07:21 UTC 2016
On Tue, 2016-05-31 at 10:50 +0200, Victor Toso wrote:
> Hi,
>
> On Mon, May 30, 2016 at 05:46:49PM +0200, Pavel Grunt wrote:
> > Related: rhbz#1335239
> > ---
> > src/spice-uri.c | 26 ++++++++++++++++----------
> > tests/test-spice-uri.c | 2 ++
> > 2 files changed, 18 insertions(+), 10 deletions(-)
> >
> > diff --git a/src/spice-uri.c b/src/spice-uri.c
> > index 7eec6e5..83ebe79 100644
> > --- a/src/spice-uri.c
> > +++ b/src/spice-uri.c
> > @@ -109,7 +109,9 @@ static void spice_uri_reset(SpiceURI *self)
> > G_GNUC_INTERNAL
> > gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)
> > {
> > - gchar *dup, *uri;
> > + gchar *dup, *uri, **uriv = NULL;
> > + const gchar *uri_port = NULL;
> > + char *uri_scheme = NULL;
> > gboolean success = FALSE;
> > size_t len;
> >
> > @@ -122,17 +124,21 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar
> > *_uri, GError **error)
> > uri = dup = g_strdup(_uri);
> > /* FIXME: use GUri when it is ready... only support http atm */
> > /* the code is voluntarily not parsing thoroughly the uri */
> > - if (g_ascii_strncasecmp("http://", uri, 7) == 0) {
> > - uri += 7;
> > + uri_scheme = g_uri_parse_scheme(uri);
> > + if (uri_scheme == NULL) {
> > spice_uri_set_scheme(self, "http");
> > + } else {
> > + spice_uri_set_scheme(self, uri_scheme);
> > + uri += strlen(uri_scheme) + 3; /* scheme + "://" */
> > + }
> > + if (g_ascii_strcasecmp(spice_uri_get_scheme(self), "http") == 0) {
> > spice_uri_set_port(self, 3128);
> > - } else if (g_ascii_strncasecmp("https://", uri, 8) == 0) {
> > - uri += 8;
> > - spice_uri_set_scheme(self, "https");
> > + } else if (g_ascii_strcasecmp(spice_uri_get_scheme(self), "https") ==
> > 0) {
> > spice_uri_set_port(self, 3129);
> > } else {
> > - spice_uri_set_scheme(self, "http");
> > - spice_uri_set_port(self, 3128);
> > + g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
> > + "Invalid uri scheme for proxy: %s",
> > spice_uri_get_scheme(self));
> > + goto end;
> > }
> > /* remove trailing slash */
> > len = strlen(uri);
> > @@ -156,8 +162,7 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar
> > *_uri, GError **error)
> > }
> >
> > /* max 2 parts, host:port */
> > - gchar **uriv = g_strsplit(uri, ":", 2);
> > - const gchar *uri_port = NULL;
> > + uriv = g_strsplit(uri, ":", 2);
>
> This last chunk is not really related to the patch but why not.
> Acked-by: Victor Toso <victortoso at redhat.com>
It is because the goto would miss the definitions. (uri_port should not be
problematic, but compiler complained...)
Pavel
>
> >
> > if (uriv[0] == NULL || strlen(uriv[0]) == 0) {
> > g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,
> > @@ -190,6 +195,7 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar
> > *_uri, GError **error)
> > success = TRUE;
> >
> > end:
> > + free(uri_scheme);
> > g_free(dup);
> > g_strfreev(uriv);
> > return success;
> > diff --git a/tests/test-spice-uri.c b/tests/test-spice-uri.c
> > index dca2101..51f652c 100644
> > --- a/tests/test-spice-uri.c
> > +++ b/tests/test-spice-uri.c
> > @@ -39,6 +39,8 @@ static void test_spice_uri_ipv4_bad(void)
> > {"http://127.0.0.1:", "http", "127.0.0.1", 3128, NULL, NULL,
> > "Missing uri port"},
> > {"http://127.0.0.1:-80", "http", "127.0.0.1", 3128, NULL, NULL,
> > "Port out of range"},
> > {"http://127.0.0.1:8000000", "http", "127.0.0.1", 3128, NULL, NULL,
> > "Port out of range"},
> > + {"scheme://192.168.1.1:3128", "http", "127.0.0.1", 3128, NULL,
> > NULL,
> > + "Invalid uri scheme for proxy: scheme"},
> > };
> >
> > guint i;
> > --
> > 2.8.3
> >
> > _______________________________________________
> > Spice-devel mailing list
> > Spice-devel at lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list