summaryrefslogtreecommitdiff
path: root/libsoup/soup-uri.c
Commit message (Collapse)AuthorAgeFilesLines
* Make more APIs privatePatrick Griffis2020-09-191-1/+1
|
* soup-uri: Check string lengths before reading bytes of %-encoded charsPhilip Withnall2020-07-021-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | There are two instances in `SoupURI` where `g_ascii_isxdigit()` is called two bytes ahead of the read pointer to check if a %-encoding is valid. This is fine when the string being parsed is nul-terminated (as the first `g_ascii_isxdigit()` call will safely return `FALSE`), but will result in a read off the end of the buffer if it’s length-terminated (and doesn’t happen to also be nul-terminated). Thankfully, that’s not the case in any of the code paths in `SoupURI` leading to these two instances, so this is not a security issue. However, the functions should probably be fixed to do an appropriate length check, just in case they get called from somewhere else in future. Spotted by oss-fuzz in oss-fuzz#23815 and oss-fuzz#23818, when it was fuzzing the new `GUri` implementation in GLib, which is heavily based off this code. Includes two unit tests which don’t actually trigger the original failure (as all strings passed into `SoupURI` are forced to be nul-terminated), but would trigger it if the nul termination was not present. Signed-off-by: Philip Withnall <withnall@endlessm.com>
* soup: Fix nonnull parameter issues found by Coverity Scan and clangMilan Crha2018-06-251-1/+1
| | | | https://bugzilla.gnome.org/show_bug.cgi?id=781771
* SoupURI: make soup_uri_new_with_base a constructorCorentin Noël2018-06-131-2/+2
| | | | It is currently described as a method as it takes a SoupURI as first parameter when typically functions foo_bar_new* are constructors.
* Always use "wss" as an alias for "https"Nirbheek Chauhan2017-08-071-4/+8
| | | | | | | | Also fix a bunch of places that were comparing uri->scheme directly with SOUP_URI_SCHEME_HTTPS instead of using the private function soup_uri_is_https(). https://bugzilla.gnome.org/show_bug.cgi?id=784786
* Fix out-of-bounds read in URI parsingDan Winship2017-08-071-1/+1
| | | | https://bugzilla.gnome.org/show_bug.cgi?id=785042
* SoupSession: give password to GSimpleProxyResolverJonathan Lebon2016-10-271-2/+6
| | | | | | | | | | | | | | | | | | | | After setting the "proxy-uri" property on a SoupSession with embedded basic auth (e.g. http://user:pass@example.com), libsoup does not make use of the auth and ends up emitting an "authenticate" signal on receiving 407. Calling soup_auth_anthenticate() with the same credentials then works, but it should've made use of the auth from the beginning to avoid the round trip. This seems to be a regression from fb09bf93 (https://bugzilla.gnome.org/show_bug.cgi?id=680273), during the transition to GSimpleProxyResolver. The issue is that libsoup uses `soup_uri_to_string_internal`, which doesn't embed the password in the resulting string. The attached patch changes this, making sure to retain the previous behaviour in all other cases. https://bugzilla.gnome.org/show_bug.cgi?id=772932
* uri: better document that host can be NULLMichael Catanzaro2016-10-131-1/+1
| | | | | | | The current documentation is extremely misleading, implying here that the host portion of the URI is always nonnull, which isn't true. https://bugzilla.gnome.org/show_bug.cgi?id=772891
* Improve documentation of soup_uri_normalizeMichael Catanzaro2016-02-091-1/+2
| | | | | | | The docs do not mention anything about %-encoding, but that's part of the normalization since 226f6382. https://bugzilla.gnome.org/show_bug.cgi?id=761742
* Include config.h if needed in the files that do not include it yetIgnacio Casal Quinteiro2015-11-041-0/+4
| | | | https://bugzilla.gnome.org/show_bug.cgi?id=757146
* soup-uri.c: Add (allow-none) to soup_uri_normalizeJens Georg2015-09-151-1/+1
| | | | | | | Align annotation with documentation which says NULL is fine for the second parameter. https://bugzilla.gnome.org/show_bug.cgi?id=754776
* uri: add support for WebSocket schemesLionel Landwerlin2015-03-011-2/+25
|
* Add missing (nullable) annotations, assorted minor introspection fixesEvan Nemerson2014-11-231-2/+2
| | | | https://bugzilla.gnome.org/show_bug.cgi?id=729987
* soup_uri_to_string: document that passwords are never outputDan Winship2014-01-181-0/+3
|
* soup-uri: minor code reorg/renamingDan Winship2013-10-101-11/+14
| | | | | | | | | | | Change uri_decoded_copy() to strdup the input string *after* doing its g_return_val_if_fail(), to avoid pointlessly confusing code analyzers. Also, rename the function to soup_uri_decoded_copy(), since it's used from soup-request-data.c too and it's been annoying me that it was non-namespaced. https://bugzilla.gnome.org/show_bug.cgi?id=709793
* SoupServer: add :http-aliases and :https-aliases propertiesDan Winship2013-08-261-0/+43
| | | | | | | | | Add :http-aliases and :https-aliases properties to SoupServer, to allow it to handle requests like: GET daap://host:port/path HTTP/1.1 https://bugzilla.gnome.org/show_bug.cgi?id=703694
* More IPv6 scope ID fixesDan Winship2013-08-191-3/+18
| | | | | | | Don't include the scope ID in the "Host" header. Make SoupURI correctly parse both correct and incorrect scope IDs, and add checks for that in tests/uri-parsing.
* soup-uri: fix URI scheme parsingDan Winship2013-07-131-2/+5
| | | | | | | The URI grammar allows a scheme to have digits in it after the first character, and doesn't allow [.+-] in the first character. https://bugzilla.gnome.org/show_bug.cgi?id=703776
* Add/fix some annotationsDan Winship2013-06-291-23/+0
|
* soup-address: fix proxy enumerator implementationDan Winship2013-04-181-16/+23
| | | | | | | | | When creating a GProxyAddressEnumerator, the destination URI passed to it must include the port number, or the proxy may end up trying to connect to port 0. libsoup was omitting the port number when it was the default for the protocol. https://bugzilla.gnome.org/show_bug.cgi?id=698163
* data: URL requests should serve the whole decoded URLZan Dobersek2013-03-111-5/+8
| | | | | | | | | | | | Address the possibility of data: URLs containing null characters when the data request is being performed. The uri_decoded_copy method is enhanced with a third argument, a pointer to an integer that should be set to the length of decoded data when provided. This length is then set as the request's content length. A test checking the correct behavior is added in requester-test. Calls to uri_decoded_copy where the length of the decoded output is not required are adjusted to provide NULL as the third argument.
* Revert "SoupURI: replace NULL password with "" on http"Dan Winship2013-01-211-2/+0
| | | | | | | | | | This broke CalDAV in evolution. I'm not sure exactly why, but if it broke that, it might break other things too, so let's just revert this. This reverts commit 38901ca5e684a8fac75e6ff740d45c82dd44181a. https://bugzilla.gnome.org/show_bug.cgi?id=692149
* SoupURI: replace NULL password with "" on httpDan Winship2013-01-121-0/+2
| | | | | All supported HTTP auth methods use both username and password, so assume a password of "" if none is given
* docs: Lots of minor fixes and additionsDan Winship2012-12-271-0/+51
|
* soup-uri: don't decode %00 in URIsDan Winship2012-12-101-1/+1
| | | | | We were accidentally decoding %00 to '\0' in URIs, causing a few WebKit tests to fail. Leave it undecoded instead.
* Add per-version deprecation/availability warningsDan Winship2012-11-081-3/+3
| | | | | | | | | | | Add SOUP_VERSION_X_XX, SOUP_VERSION_MIN_REQUIRED, and SOUP_VERSION_MAX_ALLOWED, to enable version-based warnings. Tag all functions with appropriate SOUP_AVAILABLE_IN_ and SOUP_DEPRECATED_IN_ macros. Also, fix up some "Since" tags to not refer to unstable releases or non-.0 point releases.
* soup-request: Add support to handle gresource URI requestsCarlos Garcia Campos2012-10-201-1/+12
| | | | | | | | | GFile already supports gresource when using g_file_new_for_uri() with a resource:// URI. We can add "resource" as a valid scheme for SoupRequestFile and make sure the GFile is created with the gresource URI for gresource requests. https://bugzilla.gnome.org/show_bug.cgi?id=682721
* soup_uri_normalize: more fixesDan Winship2012-07-171-3/+8
| | | | | | | | | uri_normalized_copy() should not go into fixup mode when it sees a non-printable character if that character is in @unescape_extra. Likewise, if it does go into fixup mode, it shouldn't fix up the @unescape_extra characters. https://bugzilla.gnome.org/show_bug.cgi?id=680018
* soup-uri: fix uri_normalized_copy to not always do fixupDan Winship2012-07-161-6/+7
| | | | | | | | need_fixup was always getting set, because the trailing NUL character was being processed by the loop. Fix. Pointed out by Yann SOUBEYRAND, https://bugzilla.gnome.org/show_bug.cgi?id=680018
* Clean up includesDan Winship2012-07-131-3/+1
| | | | | | | | Especially, include soup.h rather than individually including a bunch of other public soup-*.h files. Remove unnecessary system includes (many are leftovers from code that has moved down into glib).
* Use G_DEFINE_INTERFACE and G_DEFINE_BOXED_TYPEDan Winship2012-07-131-15/+1
|
* SoupURI: fix fallback handling of soup_uri_set_path(uri, NULL)Dan Winship2012-02-251-0/+6
| | | | | | | | In the old code, if you set a URI's path to NULL and then did soup_uri_to_string(uri, FALSE), you'd get back a path of "/". Fix the new code to behave the same way (and test it). https://bugzilla.gnome.org/show_bug.cgi?id=670431
* soup-uri: revert some of the previously-added return-if-failsDan Winship2012-02-101-22/+42
| | | | | | | | | | | | | | | | | | Although it has always been documented that a SoupURI must have a non-NULL path, nothing ever enforced this, and most methods checked whether it was NULL before looking at it anyway. So lots of existing code was getting this wrong, and is now breaking because of the "g_return_if_fail (SOUP_URI_IS_VALID (uri))" checks. So, change most of those to just g_warn_if_fail() (while adding back the old return-if-fail !NULL checks), but also fix soup_uri_set_path() and soup_uri_new_with_base() to handle NULL paths more sanely (after warning). Also, allow calling the getters on invalid URIs. Add a new test to uri-testing to make sure that URIs created with soup_uri_new(NULL) behave as expected at each step of the way... https://bugzilla.gnome.org/show_bug.cgi?id=667637
* soup-uri: fix the scheme parsing to require alpha, not alphanumericDan Winship2012-02-091-5/+1
| | | | | also remove an ancient comment about running the regression tests, since it's implied everywhere now.
* soup_uri_new: do not allow invalid URIs to be returned, except via ↵Simon McVittie2012-02-061-2/+3
| | | | | | | | | | soup_uri_new (NULL) Also document the possible NULL return. Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637 Bug-NB: NB#294977
* SoupURI: add SOUP_URI_IS_VALID() and use it for basic precondition checksSimon McVittie2012-02-061-13/+88
| | | | | | | | | | | | | | | | | | | | In this patch, field setters don't have precondition checks for the validity of the URI object itself, only a non-NULL check, to avoid breaking existing code if it calls soup_uri_new (NULL) and then sets fields in an unexpected order: uri = soup_uri_new (NULL); /* uri is invalid */ soup_uri_set_host (uri, "www.google.com"); soup_uri_set_query (uri, "q=badgers"); soup_uri_set_scheme (uri, "http"); /* still invalid... */ soup_uri_set_path (uri, "/search"); /* finally valid */ Also annotate nullable setter parameters as (allow-none), to justify why they don't have a precondition check. Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637 Bug-NB: NB#294977
* soup_uri_copy_host: always set the path to something non-NULLSimon McVittie2012-02-061-3/+1
| | | | | | | | Not doing so is considered to be invalid. Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637 Bug-NB: NB#294977
* soup_uri_new: annotate uri_string as nullableSimon McVittie2012-02-031-1/+1
| | | | | | Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Dan Winship <danw@gnome.org>
* soup_uri_uses_default_port: correct documentationSimon McVittie2012-02-031-1/+1
| | | | | | | | We now know the default for ftp, too. Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Dan Winship <danw@gnome.org>
* SoupURI: give "foo:" a non-NULL path memberSimon McVittie2012-02-031-1/+3
| | | | | | | | | | | SoupURI documents uri->path as being required, and got_headers in SoupServer assumes that it's non-NULL, but in fact parsing a URI consisting solely of a scheme ("foo:") would leave path = NULL. Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637 Bug-NB: NB#294977 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Dan Winship <danw@gnome.org>
* soup-session: fix some http-aliases/https-aliases problemsDan Winship2011-12-011-4/+0
| | | | and add a test to misc-test
* soup-uri: %-encode non-ASCII characters when parsing URIsDan Winship2011-11-121-8/+8
| | | | https://bugzilla.gnome.org/show_bug.cgi?id=662806
* Lots of gtk-doc fixes (no code changes)Dan Winship2011-09-221-2/+2
|
* SoupConnection: do TLS handshake at connection timeDan Winship2011-08-071-1/+1
| | | | | | Previously, when connecting to an https site, the TLS handshake didn't happen until we started writing the request. Change it so that it now happens as part of SoupConnection connecting.
* Soup-2.4.gir: add missing introspection data from Vala bindingsEvan Nemerson2011-08-041-4/+5
| | | | https://bugzilla.gnome.org/show_bug.cgi?id=655397
* soup_uri_to_string: print port numbers as unsigned integersSergio Villar Senin2011-04-151-1/+1
| | | | | | | soup_uri_to_string() was using the "%d" printf format but it should use "%u" instead as the port number is a guint in SoupURI. https://bugzilla.gnome.org/show_bug.cgi?id=647767
* soup_request_data_send: data URL decoding fixSergio Villar Senin2011-04-071-2/+2
| | | | | | | SoupRequestData was not unescaping base64 URIs before trying to decode them. This was incorrectly causing decoding errors with base64 data. https://bugzilla.gnome.org/show_bug.cgi?id=646896
* Fix parsing/generation of URI queries that aren't HTML formsDan Winship2010-11-091-3/+4
| | | | | | | | | | | | | soup_form_decode() used to accept strings that weren't "name=value" pairs, but soup_form_encode_hash() would crash if you passed the resulting GHashTable to it. Fix both sides: now soup_form_decode() ignores non-"name=value" elements, and soup_form_encode_hash() g_return_if_fail()s rather than crashing. Also fix use of deprecated soup-form.h method names in soup-uri.c and soup-server.c https://bugzilla.gnome.org/show_bug.cgi?id=620220
* SoupURI: never return NULL from soup_uri_decode/soup_uri_normalizeDan Winship2010-11-091-28/+23
| | | | | | | Normally you just want to DTRT, and soup_uri_new() already behaved this way anyway. https://bugzilla.gnome.org/show_bug.cgi?id=630540
* Fix a crash when resolving URIs with both spaces and non-UTF8 charsDan Winship2010-09-131-13/+15
| | | | | | | | | When using "%.*s" in a UTF-8 locale, in at least some cases, glibc requires that the string not end in something that looks like a partial UTF-8 character. This seems wrong according to the c99 spec to me, but regardless, we need to work around it. https://bugzilla.gnome.org/show_bug.cgi?id=629449
View Lorry Controller Status