dovecot-2.2: uri-util: Improve errors about invalid characters i...

Wed Apr 29 09:22:49 UTC 2015

details:   http://hg.dovecot.org/dovecot-2.2/rev/5ae8cd8e42f7
changeset: 18496:5ae8cd8e42f7
user:      Stephan Bosch <stephan at rename-it.nl>
date:      Sat Apr 25 11:42:06 2015 +0200
description:
uri-util: Improve errors about invalid characters in URI by reporting the component where the offending character is located.

diffstat:

 src/lib-http/http-url.c |   6 ++----
 src/lib-imap/imap-url.c |   9 +++++----
 src/lib/uri-util.c      |  48 +++++++++++++++++++++++++++++++++++++++++-------
 3 files changed, 48 insertions(+), 15 deletions(-)

diffs (121 lines):

diff -r 9024d226b813 -r 5ae8cd8e42f7 src/lib-http/http-url.c

--- a/src/lib-http/http-url.c	Sat Apr 25 11:42:06 2015 +0200
+++ b/src/lib-http/http-url.c	Sat Apr 25 11:42:06 2015 +0200
@@ -325,10 +325,8 @@
 		url->enc_fragment = p_strdup(parser->pool, base->enc_fragment);
 	}
 
-	if (parser->cur != parser->end) {
-		parser->error = "HTTP URL contains invalid character";
-		return FALSE;
-	}
+	/* must be at end of URL now */
+	i_assert(parser->cur == parser->end);
 
 	if (have_scheme)
 		url_parser->req_format = HTTP_REQUEST_TARGET_FORMAT_ABSOLUTE;
diff -r 9024d226b813 -r 5ae8cd8e42f7 src/lib-imap/imap-url.c
--- a/src/lib-imap/imap-url.c	Sat Apr 25 11:42:06 2015 +0200
+++ b/src/lib-imap/imap-url.c	Sat Apr 25 11:42:06 2015 +0200
@@ -879,15 +879,16 @@
 		}
 	}
 
+	/* IMAP URL has no fragment */
 	if ((ret = uri_parse_fragment(parser, &query)) != 0) {
 		if (ret == 1)
 			parser->error = "Fragment component not allowed in IMAP URL";
 		return FALSE;
 	}
-	if (parser->cur != parser->end) {
-		parser->error = "IMAP URL contains invalid character.";
-		return FALSE;
-	}
+
+	/* must be at end of URL now */
+	i_assert(parser->cur == parser->end);
+
 	return TRUE;
 }
 
diff -r 9024d226b813 -r 5ae8cd8e42f7 src/lib/uri-util.c
--- a/src/lib/uri-util.c	Sat Apr 25 11:42:06 2015 +0200
+++ b/src/lib/uri-util.c	Sat Apr 25 11:42:06 2015 +0200
@@ -534,15 +534,33 @@
 	/* host */
 	if (uri_parse_host(parser, auth) < 0)
 		return -1;
+	if (parser->cur == parser->end)
+		return 1;
+	switch (*parser->cur) {
+	case ':': case '/': case '?': case '#':
+		break;
+	default:
+		parser->error = "Invalid host identifier";
+		return -1;
+	}
 
-	/* [":" ... */
-	if (parser->cur >= parser->end || *parser->cur != ':')
-		return 1;
-	parser->cur++;
+	/* [":" port] */
+	if (*parser->cur == ':') {
+		parser->cur++;
 	
-	/* ... port] */
-	if ((ret = uri_parse_port(parser, auth)) < 0)
-		return ret;
+		if ((ret = uri_parse_port(parser, auth)) < 0)
+			return ret;
+		if (parser->cur == parser->end)
+			return 1;
+		switch (*parser->cur) {
+		case '/': case '?': case '#':
+			break;
+		default:
+			parser->error = "Invalid host port";
+			return -1;
+		}
+	}
+
 	return 1;
 }
 
@@ -661,6 +679,12 @@
 	}
 	array_append_zero(&segments);
 	*path_r = array_get(&segments, &count);
+
+	if (parser->cur < parser->end &&
+		*parser->cur != '?' && *parser->cur != '#') {
+		parser->error = "Path component contains invalid character";
+		return -1;
+	}
 	return 1;
 }
 
@@ -689,6 +713,11 @@
 		p++;
 	}
 
+	if (p < parser->end && *p != '#') {
+		parser->error = "Query component contains invalid character";
+		return -1;
+	}
+
 	if (query_r != NULL)
 		*query_r = t_strdup_until(parser->cur+1, p);
 	parser->cur = p;
@@ -721,6 +750,11 @@
 		p++;
 	}
 
+	if (p < parser->end) {
+		parser->error = "Fragment component contains invalid character";
+		return -1;
+	}
+
 	if (fragment_r != NULL)
 		*fragment_r = t_strdup_until(parser->cur+1, p);
 	parser->cur = p;
