bin/116005: libfetch accepts invalid URLs

Giorgos Keramidas keramida at FreeBSD.org
Mon Sep 17 05:30:09 PDT 2007


The following reply was made to PR kern/116005; it has been noted by GNATS.

From: Giorgos Keramidas <keramida at FreeBSD.org>
To: Howard Chu <hyc at openldap.org>
Cc: bug-followup at FreeBSD.org
Subject: Re: bin/116005: libfetch accepts invalid URLs
Date: Sun, 16 Sep 2007 15:10:53 +0300

 On 2007-09-02 01:12, Howard Chu <hyc at openldap.org> wrote:
 > >Number:         116005
 > >Category:       bin
 > >Synopsis:       libfetch accepts invalid URLs
 
 > The URL parser in libfetch does not enforce the RFC1738 syntax, and it
 > seems to have no clue about RFC1808. Most likely the code needs to be
 > refreshed in terms of RFC2396.
 >
 > The URL syntax specifies that URLs with the form "scheme://authority"
 > may only be followed by an absolute path, if anything. Thus
 >
 >   file:///tmp/junk
 >
 > is valid (references "/tmp/junk")
 >
 > libfetch also allows references like
 >   file://./foo/bar
 > (which references "./foo/bar")
 
 In one of the SCM projects I am closely tracking (Mercurial), the URL
 parser supports URIs of the form:
 
     ssh://hostname/relative/path
     ssh://hostname//relative/path
 
 and the argument of the developers for making the first one a relative
 path was that with this sort of URI syntax it is easy to specify both an
 absolute *and* a relative path [with ssh-tunneled repository clones,
 this is really _very_ useful at times :-)].
 
 > But the URI syntax does not allow relative paths to follow an
 > authority spec.
 
 That's interesting.  I am offline right now, but it would be nice to
 have a definitive reference to the relevant RFCs.  I'll look up at least
 the following:
 
     RFC1738
     RFC1808
     RFC2396
 
 Any other related RFCs we should look at?
 


More information about the freebsd-bugs mailing list