[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 66/282: urlapi: guess scheme correct even with credentials given
From: |
gnunet |
Subject: |
[gnurl] 66/282: urlapi: guess scheme correct even with credentials given |
Date: |
Wed, 01 Apr 2020 14:28:51 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit d3dc0a07e9bd11afaac026802a9701f0796de780
Author: Daniel Stenberg <address@hidden>
AuthorDate: Mon Jan 27 17:28:40 2020 +0100
urlapi: guess scheme correct even with credentials given
In the "scheme-less" parsing case, we need to strip off credentials
first before we guess scheme based on the host name!
Assisted-by: Jay Satiro
Fixes #4856
Closes #4857
---
lib/urlapi.c | 68 +++++++++++++++++++++++++++----------------------
tests/libtest/lib1560.c | 10 +++++++-
2 files changed, 46 insertions(+), 32 deletions(-)
diff --git a/lib/urlapi.c b/lib/urlapi.c
index fa514bce5..506e244dc 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -428,7 +428,6 @@ static char *concat_url(const char *base, const char
*relurl)
*
*/
static CURLUcode parse_hostname_login(struct Curl_URL *u,
- const struct Curl_handler *h,
char **hostname,
unsigned int flags)
{
@@ -437,6 +436,7 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u,
char *userp = NULL;
char *passwdp = NULL;
char *optionsp = NULL;
+ const struct Curl_handler *h = NULL;
/* At this point, we're hoping all the other special cases have
* been taken care of, so conn->host.name is at most
@@ -456,6 +456,10 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u,
* ftp://user:address@hidden:8021/README */
*hostname = ++ptr;
+ /* if this is a known scheme, get some details */
+ if(u->scheme)
+ h = Curl_builtin_scheme(u->scheme);
+
/* We could use the login information in the URL so extract it. Only parse
options if the handler says we should. Note that 'h' might be NULL! */
ccode = Curl_parse_login_details(login, ptr - login - 1,
@@ -571,7 +575,7 @@ UNITTEST CURLUcode Curl_parse_port(struct Curl_URL *u, char
*hostname)
}
/* scan for byte values < 31 or 127 */
-static CURLUcode junkscan(char *part)
+static CURLUcode junkscan(const char *part)
{
if(part) {
static const char badbytes[]={
@@ -668,10 +672,9 @@ static CURLUcode seturl(const char *url, CURLU *u,
unsigned int flags)
CURLUcode result;
bool url_has_scheme = FALSE;
char schemebuf[MAX_SCHEME_LEN + 1];
- char *schemep = NULL;
+ const char *schemep = NULL;
size_t schemelen = 0;
size_t urllen;
- const struct Curl_handler *h = NULL;
if(!url)
return CURLUE_MALFORMED_INPUT;
@@ -798,7 +801,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned
int flags)
if(!(flags & (CURLU_DEFAULT_SCHEME|CURLU_GUESS_SCHEME)))
return CURLUE_MALFORMED_INPUT;
if(flags & CURLU_DEFAULT_SCHEME)
- schemep = (char *) DEFAULT_SCHEME;
+ schemep = DEFAULT_SCHEME;
/*
* The URL was badly formatted, let's try without scheme specified.
@@ -820,36 +823,17 @@ static CURLUcode seturl(const char *url, CURLU *u,
unsigned int flags)
return CURLUE_MALFORMED_INPUT;
}
- if((flags & CURLU_GUESS_SCHEME) && !schemep) {
- /* legacy curl-style guess based on host name */
- if(checkprefix("ftp.", hostname))
- schemep = (char *)"ftp";
- else if(checkprefix("dict.", hostname))
- schemep = (char *)"dict";
- else if(checkprefix("ldap.", hostname))
- schemep = (char *)"ldap";
- else if(checkprefix("imap.", hostname))
- schemep = (char *)"imap";
- else if(checkprefix("smtp.", hostname))
- schemep = (char *)"smtp";
- else if(checkprefix("pop3.", hostname))
- schemep = (char *)"pop3";
- else
- schemep = (char *)"http";
- }
-
len = strlen(p);
memcpy(path, p, len);
path[len] = 0;
- u->scheme = strdup(schemep);
- if(!u->scheme)
- return CURLUE_OUT_OF_MEMORY;
+ if(schemep) {
+ u->scheme = strdup(schemep);
+ if(!u->scheme)
+ return CURLUE_OUT_OF_MEMORY;
+ }
}
- /* if this is a known scheme, get some details */
- h = Curl_builtin_scheme(u->scheme);
-
if(junkscan(path))
return CURLUE_MALFORMED_INPUT;
@@ -916,7 +900,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned
int flags)
if(junkscan(hostname))
return CURLUE_MALFORMED_INPUT;
- result = parse_hostname_login(u, h, &hostname, flags);
+ result = parse_hostname_login(u, &hostname, flags);
if(result)
return result;
@@ -936,6 +920,28 @@ static CURLUcode seturl(const char *url, CURLU *u,
unsigned int flags)
u->host = strdup(hostname);
if(!u->host)
return CURLUE_OUT_OF_MEMORY;
+
+ if((flags & CURLU_GUESS_SCHEME) && !schemep) {
+ /* legacy curl-style guess based on host name */
+ if(checkprefix("ftp.", hostname))
+ schemep = "ftp";
+ else if(checkprefix("dict.", hostname))
+ schemep = "dict";
+ else if(checkprefix("ldap.", hostname))
+ schemep = "ldap";
+ else if(checkprefix("imap.", hostname))
+ schemep = "imap";
+ else if(checkprefix("smtp.", hostname))
+ schemep = "smtp";
+ else if(checkprefix("pop3.", hostname))
+ schemep = "pop3";
+ else
+ schemep = "http";
+
+ u->scheme = strdup(schemep);
+ if(!u->scheme)
+ return CURLUE_OUT_OF_MEMORY;
+ }
}
Curl_safefree(u->scratch);
diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
index 7f8accc7d..6228a137b 100644
--- a/tests/libtest/lib1560.c
+++ b/tests/libtest/lib1560.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2019, Daniel Stenberg, <address@hidden>, et al.
+ * Copyright (C) 1998 - 2020, Daniel Stenberg, <address@hidden>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -129,6 +129,14 @@ struct querycase {
};
static struct testcase get_parts_list[] ={
+ {"user:address@hidden/color/#green?no-black",
+ "ftp | user | moo | [13] | ftp.example.com | [15] | /color/ | [16] | "
+ "green?no-black",
+ CURLU_GUESS_SCHEME, 0, CURLUE_OK },
+ {"ftp.user:address@hidden/color/#green?no-black",
+ "http | ftp.user | moo | [13] | example.com | [15] | /color/ | [16] | "
+ "green?no-black",
+ CURLU_GUESS_SCHEME, 0, CURLUE_OK },
#ifdef WIN32
{"file:/C:\\programs\\foo",
"file | [11] | [12] | [13] | [14] | [15] | C:\\programs\\foo | [16] | [17]",
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 73/282: quiche: update to draft-25, (continued)
- [gnurl] 73/282: quiche: update to draft-25, gnunet, 2020/04/01
- [gnurl] 76/282: ntlm: Move the winbind data into the NTLM data structure, gnunet, 2020/04/01
- [gnurl] 74/282: altsvc: use h3-25, gnunet, 2020/04/01
- [gnurl] 80/282: openssl: remove redundant assignment, gnunet, 2020/04/01
- [gnurl] 83/282: tool_operhlp: Copyright year out of date, should be 2020, gnunet, 2020/04/01
- [gnurl] 68/282: multi_done: if multiplexed, make conn->data point to another transfer, gnunet, 2020/04/01
- [gnurl] 81/282: ntlm: Ensure the HTTP header data is not stored in the challenge/response, gnunet, 2020/04/01
- [gnurl] 67/282: location.d: the method change is from POST to GET only, gnunet, 2020/04/01
- [gnurl] 84/282: RELEASE-NOTES: synced, gnunet, 2020/04/01
- [gnurl] 86/282: docs/HTTP3: update the OpenSSL branch to use for ngtcp2, gnunet, 2020/04/01
- [gnurl] 66/282: urlapi: guess scheme correct even with credentials given,
gnunet <=
- [gnurl] 70/282: KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header, gnunet, 2020/04/01
- [gnurl] 69/282: oauth2-bearer.d: works for HTTP too, gnunet, 2020/04/01
- [gnurl] 78/282: cirrus: Add some missing semicolons, gnunet, 2020/04/01
- [gnurl] 71/282: cookie: check __Secure- and __Host- case sensitively, gnunet, 2020/04/01
- [gnurl] 79/282: travis: update non-OpenSSL Linux jobs to Bionic, gnunet, 2020/04/01
- [gnurl] 77/282: cleanup: fix typos and wording in docs and comments, gnunet, 2020/04/01
- [gnurl] 85/282: ntlm: Pass the Curl_easy structure to the private winbind functions, gnunet, 2020/04/01
- [gnurl] 97/282: ntlm_wb: Use Curl_socketpair() for greater portability, gnunet, 2020/04/01
- [gnurl] 87/282: ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6, gnunet, 2020/04/01
- [gnurl] 90/282: RELEASE-PROCEDURE: feature win is closed post-release a few days, gnunet, 2020/04/01