bin/116005: libfetch accepts invalid URLs
keramida at FreeBSD.org
Mon Sep 17 05:30:09 PDT 2007
The following reply was made to PR kern/116005; it has been noted by GNATS.
From: Giorgos Keramidas <keramida at FreeBSD.org>
To: Howard Chu <hyc at openldap.org>
Cc: bug-followup at FreeBSD.org
Subject: Re: bin/116005: libfetch accepts invalid URLs
Date: Sun, 16 Sep 2007 15:10:53 +0300
On 2007-09-02 01:12, Howard Chu <hyc at openldap.org> wrote:
> >Number: 116005
> >Category: bin
> >Synopsis: libfetch accepts invalid URLs
> The URL parser in libfetch does not enforce the RFC1738 syntax, and it
> seems to have no clue about RFC1808. Most likely the code needs to be
> refreshed in terms of RFC2396.
> The URL syntax specifies that URLs with the form "scheme://authority"
> may only be followed by an absolute path, if anything. Thus
> is valid (references "/tmp/junk")
> libfetch also allows references like
> (which references "./foo/bar")
In one of the SCM projects I am closely tracking (Mercurial), the URL
parser supports URIs of the form:
and the argument of the developers for making the first one a relative
path was that with this sort of URI syntax it is easy to specify both an
absolute *and* a relative path [with ssh-tunneled repository clones,
this is really _very_ useful at times :-)].
> But the URI syntax does not allow relative paths to follow an
> authority spec.
That's interesting. I am offline right now, but it would be nice to
have a definitive reference to the relevant RFCs. I'll look up at least
Any other related RFCs we should look at?
More information about the freebsd-bugs