Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 18 Nov 1997 01:00:25 +0900 (JST)
From:      watanabe@komadori.planet.kobe-u.ac.jp
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/5072: /usr/bin/fetch parses a URL incorrectly
Message-ID:  <199711171600.BAA29855@crayon.planet.kobe-u.ac.jp>
Resent-Message-ID: <199711171610.IAA21039@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         5072
>Category:       bin
>Synopsis:       /usr/bin/fetch parses a URL incorrectly
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 17 08:10:01 PST 1997
>Last-Modified:
>Originator:     Takeshi WATANABE
>Organization:
Kobe University, Kobe, Japan
>Release:        FreeBSD 2.2.2-RELEASE i386
>Environment:

  I found a bug on 2.2.2-RELEASE and 2.2.5-RELEASE.  I don't know
on other versions.

>Description:

  According to RFC-1738 and RFC-1808, a HTTP URL has the following format.

	http://<host>:<port>/<path>?<searchpart>;

The <host> part cannot contain the colon character (":"), but the <path> part
can.

  Therefore, the following URL is valid.

	http://www.host.name/foo:bar/file.html

"www.host.name" is <host>, and "/foo:bar/file.html" is /<path>. :<port> is
omitted; which means ":80".

  However, /usr/bin/fetch cannot accept this URL.

	prompt> fetch http://www.host.name/foo:bar/file.html
	fetch: `http://www.host.name/foo:bar/file.html': invalid port in URL: Undefined error: 0

So, /usr/bin/fetch parses ":bar" to :<port>. This parsing is incorrect.

  This problem is not so critical, because we avoid this bug to use the
following format.

	prompt> fetch http://www.host.name:80/foo:bar/file.html

/usr/bin/fetch can accept this URL.


  However, it is clear that this is a bug of /usr/bin/fetch.

>How-To-Repeat:

  Always when we use /usr/bin/fetch with a HTTP URL that contains the colon
character (":") in the path name.

>Fix:

  Apply the following patch.

--- /usr/src/usr.bin/fetch/http.c.orig	Mon Mar 10 16:12:51 1997
+++ /usr/src/usr.bin/fetch/http.c	Tue Nov 18 00:21:52 1997
@@ -152,7 +152,7 @@
 	strncat(hostname, p, q - p);
 	p = slash;
 
-	if (colon && colon + 1 != slash) {
+	if (q == colon && colon + 1 != slash) {
 		unsigned long ul;
 		char *ep;
 
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711171600.BAA29855>