From owner-freebsd-bugs@FreeBSD.ORG Sun Sep 2 01:20:04 2007 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 02F0C16A419 for ; Sun, 2 Sep 2007 01:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B8C4C13C442 for ; Sun, 2 Sep 2007 01:20:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l821K3gJ050040 for ; Sun, 2 Sep 2007 01:20:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l821K3mv050038; Sun, 2 Sep 2007 01:20:03 GMT (envelope-from gnats) Resent-Date: Sun, 2 Sep 2007 01:20:03 GMT Resent-Message-Id: <200709020120.l821K3mv050038@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Howard Chu Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E538E16A478 for ; Sun, 2 Sep 2007 01:12:55 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id CF8AD13C45B for ; Sun, 2 Sep 2007 01:12:55 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l821CtJu079594 for ; Sun, 2 Sep 2007 01:12:55 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.1/8.14.1/Submit) id l821CtU5079593; Sun, 2 Sep 2007 01:12:55 GMT (envelope-from nobody) Message-Id: <200709020112.l821CtU5079593@www.freebsd.org> Date: Sun, 2 Sep 2007 01:12:55 GMT From: Howard Chu To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: bin/116005: libfetch accepts invalid URLs X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Sep 2007 01:20:04 -0000 >Number: 116005 >Category: bin >Synopsis: libfetch accepts invalid URLs >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Sep 02 01:20:03 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Howard Chu >Release: 6.2 >Organization: OpenLDAP Project >Environment: FreeBSD hurdy.localdomain 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: The URL parser in libfetch does not enforce the RFC1738 syntax, and it seems to have no clue about RFC1808. Most likely the code needs to be refreshed in terms of RFC2396. The URL syntax specifies that URLs with the form "scheme://authority" may only be followed by an absolute path, if anything. Thus file:///tmp/junk is valid (references "/tmp/junk") libfetch also allows references like file://./foo/bar (which references "./foo/bar") But the URI syntax does not allow relative paths to follow an authority spec. The old BNF allows "file:./foo/bar" for relative references, although RFC2396 says this form is deprecated. libfetch doesn't allow this form. RFC2396 also allows "./foo/bar" for relative references, and libfetch fails there as well. I guess in typical use, retrieving remote resources, it doesn't make sense for libfetch to handle relative URIs, unless you add an API for setting the base URI. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: