Date: Mon, 17 Sep 2007 12:30:08 GMT From: Giorgos Keramidas <keramida@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/116005: libfetch accepts invalid URLs Message-ID: <200709171230.l8HCU88m056541@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/116005; it has been noted by GNATS.
From: Giorgos Keramidas <keramida@FreeBSD.org>
To: Howard Chu <hyc@openldap.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/116005: libfetch accepts invalid URLs
Date: Sun, 16 Sep 2007 15:10:53 +0300
On 2007-09-02 01:12, Howard Chu <hyc@openldap.org> wrote:
> >Number: 116005
> >Category: bin
> >Synopsis: libfetch accepts invalid URLs
> The URL parser in libfetch does not enforce the RFC1738 syntax, and it
> seems to have no clue about RFC1808. Most likely the code needs to be
> refreshed in terms of RFC2396.
>
> The URL syntax specifies that URLs with the form "scheme://authority"
> may only be followed by an absolute path, if anything. Thus
>
> file:///tmp/junk
>
> is valid (references "/tmp/junk")
>
> libfetch also allows references like
> file://./foo/bar
> (which references "./foo/bar")
In one of the SCM projects I am closely tracking (Mercurial), the URL
parser supports URIs of the form:
ssh://hostname/relative/path
ssh://hostname//relative/path
and the argument of the developers for making the first one a relative
path was that with this sort of URI syntax it is easy to specify both an
absolute *and* a relative path [with ssh-tunneled repository clones,
this is really _very_ useful at times :-)].
> But the URI syntax does not allow relative paths to follow an
> authority spec.
That's interesting. I am offline right now, but it would be nice to
have a definitive reference to the relevant RFCs. I'll look up at least
the following:
RFC1738
RFC1808
RFC2396
Any other related RFCs we should look at?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709171230.l8HCU88m056541>