| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two instances in `SoupURI` where `g_ascii_isxdigit()` is
called two bytes ahead of the read pointer to check if a %-encoding is
valid. This is fine when the string being parsed is nul-terminated (as
the first `g_ascii_isxdigit()` call will safely return `FALSE`), but
will result in a read off the end of the buffer if it’s
length-terminated (and doesn’t happen to also be nul-terminated).
Thankfully, that’s not the case in any of the code paths in `SoupURI`
leading to these two instances, so this is not a security issue.
However, the functions should probably be fixed to do an appropriate
length check, just in case they get called from somewhere else in
future.
Spotted by oss-fuzz in oss-fuzz#23815 and oss-fuzz#23818, when it was
fuzzing the new `GUri` implementation in GLib, which is heavily based
off this code.
Includes two unit tests which don’t actually trigger the original
failure (as all strings passed into `SoupURI` are forced to be
nul-terminated), but would trigger it if the nul termination was not
present.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=781771
|
|
|
|
| |
It is currently described as a method as it takes a SoupURI as first parameter when typically functions foo_bar_new* are constructors.
|
|
|
|
|
|
|
|
| |
Also fix a bunch of places that were comparing uri->scheme directly
with SOUP_URI_SCHEME_HTTPS instead of using the private function
soup_uri_is_https().
https://bugzilla.gnome.org/show_bug.cgi?id=784786
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=785042
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After setting the "proxy-uri" property on a SoupSession with embedded
basic auth (e.g. http://user:pass@example.com), libsoup does not make
use of the auth and ends up emitting an "authenticate" signal on
receiving 407. Calling soup_auth_anthenticate() with the same
credentials then works, but it should've made use of the auth from the
beginning to avoid the round trip.
This seems to be a regression from fb09bf93
(https://bugzilla.gnome.org/show_bug.cgi?id=680273), during the
transition to GSimpleProxyResolver. The issue is that libsoup uses
`soup_uri_to_string_internal`, which doesn't embed the password in the
resulting string.
The attached patch changes this, making sure to retain the previous
behaviour in all other cases.
https://bugzilla.gnome.org/show_bug.cgi?id=772932
|
|
|
|
|
|
|
| |
The current documentation is extremely misleading, implying here that
the host portion of the URI is always nonnull, which isn't true.
https://bugzilla.gnome.org/show_bug.cgi?id=772891
|
|
|
|
|
|
|
| |
The docs do not mention anything about %-encoding, but that's part of
the normalization since 226f6382.
https://bugzilla.gnome.org/show_bug.cgi?id=761742
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=757146
|
|
|
|
|
|
|
| |
Align annotation with documentation which says NULL is fine for the
second parameter.
https://bugzilla.gnome.org/show_bug.cgi?id=754776
|
| |
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=729987
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Change uri_decoded_copy() to strdup the input string *after* doing its
g_return_val_if_fail(), to avoid pointlessly confusing code analyzers.
Also, rename the function to soup_uri_decoded_copy(), since it's used
from soup-request-data.c too and it's been annoying me that it was
non-namespaced.
https://bugzilla.gnome.org/show_bug.cgi?id=709793
|
|
|
|
|
|
|
|
|
| |
Add :http-aliases and :https-aliases properties to SoupServer, to
allow it to handle requests like:
GET daap://host:port/path HTTP/1.1
https://bugzilla.gnome.org/show_bug.cgi?id=703694
|
|
|
|
|
|
|
| |
Don't include the scope ID in the "Host" header.
Make SoupURI correctly parse both correct and incorrect scope IDs, and
add checks for that in tests/uri-parsing.
|
|
|
|
|
|
|
| |
The URI grammar allows a scheme to have digits in it after the first
character, and doesn't allow [.+-] in the first character.
https://bugzilla.gnome.org/show_bug.cgi?id=703776
|
| |
|
|
|
|
|
|
|
|
|
| |
When creating a GProxyAddressEnumerator, the destination URI passed to
it must include the port number, or the proxy may end up trying to
connect to port 0. libsoup was omitting the port number when it was
the default for the protocol.
https://bugzilla.gnome.org/show_bug.cgi?id=698163
|
|
|
|
|
|
|
|
|
|
|
|
| |
Address the possibility of data: URLs containing null characters when the data
request is being performed. The uri_decoded_copy method is enhanced with a
third argument, a pointer to an integer that should be set to the length of
decoded data when provided. This length is then set as the request's content
length.
A test checking the correct behavior is added in requester-test. Calls to
uri_decoded_copy where the length of the decoded output is not required are
adjusted to provide NULL as the third argument.
|
|
|
|
|
|
|
|
|
|
| |
This broke CalDAV in evolution. I'm not sure exactly why, but if it
broke that, it might break other things too, so let's just revert
this.
This reverts commit 38901ca5e684a8fac75e6ff740d45c82dd44181a.
https://bugzilla.gnome.org/show_bug.cgi?id=692149
|
|
|
|
|
| |
All supported HTTP auth methods use both username and password, so
assume a password of "" if none is given
|
| |
|
|
|
|
|
| |
We were accidentally decoding %00 to '\0' in URIs, causing a few
WebKit tests to fail. Leave it undecoded instead.
|
|
|
|
|
|
|
|
|
|
|
| |
Add SOUP_VERSION_X_XX, SOUP_VERSION_MIN_REQUIRED, and
SOUP_VERSION_MAX_ALLOWED, to enable version-based warnings.
Tag all functions with appropriate SOUP_AVAILABLE_IN_ and
SOUP_DEPRECATED_IN_ macros.
Also, fix up some "Since" tags to not refer to unstable releases or
non-.0 point releases.
|
|
|
|
|
|
|
|
|
| |
GFile already supports gresource when using g_file_new_for_uri() with a
resource:// URI. We can add "resource" as a valid scheme for
SoupRequestFile and make sure the GFile is created with the gresource
URI for gresource requests.
https://bugzilla.gnome.org/show_bug.cgi?id=682721
|
|
|
|
|
|
|
|
|
| |
uri_normalized_copy() should not go into fixup mode when it sees a
non-printable character if that character is in @unescape_extra.
Likewise, if it does go into fixup mode, it shouldn't fix up the
@unescape_extra characters.
https://bugzilla.gnome.org/show_bug.cgi?id=680018
|
|
|
|
|
|
|
|
| |
need_fixup was always getting set, because the trailing NUL character
was being processed by the loop. Fix.
Pointed out by Yann SOUBEYRAND,
https://bugzilla.gnome.org/show_bug.cgi?id=680018
|
|
|
|
|
|
|
|
| |
Especially, include soup.h rather than individually including a bunch
of other public soup-*.h files.
Remove unnecessary system includes (many are leftovers from code that
has moved down into glib).
|
| |
|
|
|
|
|
|
|
|
| |
In the old code, if you set a URI's path to NULL and then did
soup_uri_to_string(uri, FALSE), you'd get back a path of "/". Fix the
new code to behave the same way (and test it).
https://bugzilla.gnome.org/show_bug.cgi?id=670431
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although it has always been documented that a SoupURI must have a
non-NULL path, nothing ever enforced this, and most methods checked
whether it was NULL before looking at it anyway. So lots of existing
code was getting this wrong, and is now breaking because of the
"g_return_if_fail (SOUP_URI_IS_VALID (uri))" checks.
So, change most of those to just g_warn_if_fail() (while adding back
the old return-if-fail !NULL checks), but also fix soup_uri_set_path()
and soup_uri_new_with_base() to handle NULL paths more sanely (after
warning). Also, allow calling the getters on invalid URIs.
Add a new test to uri-testing to make sure that URIs created with
soup_uri_new(NULL) behave as expected at each step of the way...
https://bugzilla.gnome.org/show_bug.cgi?id=667637
|
|
|
|
|
| |
also remove an ancient comment about running the regression tests,
since it's implied everywhere now.
|
|
|
|
|
|
|
|
|
|
| |
soup_uri_new (NULL)
Also document the possible NULL return.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637
Bug-NB: NB#294977
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In this patch, field setters don't have precondition checks for the
validity of the URI object itself, only a non-NULL check, to avoid
breaking existing code if it calls soup_uri_new (NULL) and then sets
fields in an unexpected order:
uri = soup_uri_new (NULL); /* uri is invalid */
soup_uri_set_host (uri, "www.google.com");
soup_uri_set_query (uri, "q=badgers");
soup_uri_set_scheme (uri, "http"); /* still invalid... */
soup_uri_set_path (uri, "/search"); /* finally valid */
Also annotate nullable setter parameters as (allow-none), to justify
why they don't have a precondition check.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637
Bug-NB: NB#294977
|
|
|
|
|
|
|
|
| |
Not doing so is considered to be invalid.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637
Bug-NB: NB#294977
|
|
|
|
|
|
| |
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Dan Winship <danw@gnome.org>
|
|
|
|
|
|
|
|
| |
We now know the default for ftp, too.
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Dan Winship <danw@gnome.org>
|
|
|
|
|
|
|
|
|
|
|
| |
SoupURI documents uri->path as being required, and got_headers in
SoupServer assumes that it's non-NULL, but in fact parsing a URI
consisting solely of a scheme ("foo:") would leave path = NULL.
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637
Bug-NB: NB#294977
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Dan Winship <danw@gnome.org>
|
|
|
|
| |
and add a test to misc-test
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=662806
|
| |
|
|
|
|
|
|
| |
Previously, when connecting to an https site, the TLS handshake didn't
happen until we started writing the request. Change it so that it now
happens as part of SoupConnection connecting.
|
|
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=655397
|
|
|
|
|
|
|
| |
soup_uri_to_string() was using the "%d" printf format but it
should use "%u" instead as the port number is a guint in SoupURI.
https://bugzilla.gnome.org/show_bug.cgi?id=647767
|
|
|
|
|
|
|
| |
SoupRequestData was not unescaping base64 URIs before trying to decode them.
This was incorrectly causing decoding errors with base64 data.
https://bugzilla.gnome.org/show_bug.cgi?id=646896
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
soup_form_decode() used to accept strings that weren't "name=value"
pairs, but soup_form_encode_hash() would crash if you passed the
resulting GHashTable to it. Fix both sides: now soup_form_decode()
ignores non-"name=value" elements, and soup_form_encode_hash()
g_return_if_fail()s rather than crashing.
Also fix use of deprecated soup-form.h method names in soup-uri.c and
soup-server.c
https://bugzilla.gnome.org/show_bug.cgi?id=620220
|
|
|
|
|
|
|
| |
Normally you just want to DTRT, and soup_uri_new() already behaved this
way anyway.
https://bugzilla.gnome.org/show_bug.cgi?id=630540
|
|
|
|
|
|
|
|
|
| |
When using "%.*s" in a UTF-8 locale, in at least some cases, glibc
requires that the string not end in something that looks like a
partial UTF-8 character. This seems wrong according to the c99 spec to
me, but regardless, we need to work around it.
https://bugzilla.gnome.org/show_bug.cgi?id=629449
|