From owner-freebsd-bugs@FreeBSD.ORG Mon Sep 17 12:30:09 2007 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 08A1416A419 for ; Mon, 17 Sep 2007 12:30:09 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DF7EC13C428 for ; Mon, 17 Sep 2007 12:30:08 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l8HCU87J056542 for ; Mon, 17 Sep 2007 12:30:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l8HCU88m056541; Mon, 17 Sep 2007 12:30:08 GMT (envelope-from gnats) Date: Mon, 17 Sep 2007 12:30:08 GMT Message-Id: <200709171230.l8HCU88m056541@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Giorgos Keramidas Cc: Subject: Re: bin/116005: libfetch accepts invalid URLs X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Giorgos Keramidas List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Sep 2007 12:30:09 -0000 The following reply was made to PR kern/116005; it has been noted by GNATS. From: Giorgos Keramidas To: Howard Chu Cc: bug-followup@FreeBSD.org Subject: Re: bin/116005: libfetch accepts invalid URLs Date: Sun, 16 Sep 2007 15:10:53 +0300 On 2007-09-02 01:12, Howard Chu wrote: > >Number: 116005 > >Category: bin > >Synopsis: libfetch accepts invalid URLs > The URL parser in libfetch does not enforce the RFC1738 syntax, and it > seems to have no clue about RFC1808. Most likely the code needs to be > refreshed in terms of RFC2396. > > The URL syntax specifies that URLs with the form "scheme://authority" > may only be followed by an absolute path, if anything. Thus > > file:///tmp/junk > > is valid (references "/tmp/junk") > > libfetch also allows references like > file://./foo/bar > (which references "./foo/bar") In one of the SCM projects I am closely tracking (Mercurial), the URL parser supports URIs of the form: ssh://hostname/relative/path ssh://hostname//relative/path and the argument of the developers for making the first one a relative path was that with this sort of URI syntax it is easy to specify both an absolute *and* a relative path [with ssh-tunneled repository clones, this is really _very_ useful at times :-)]. > But the URI syntax does not allow relative paths to follow an > authority spec. That's interesting. I am offline right now, but it would be nice to have a definitive reference to the relevant RFCs. I'll look up at least the following: RFC1738 RFC1808 RFC2396 Any other related RFCs we should look at?