bin/140835: libfetch: fetchParseURL(3) returns success with invalid URLs

Jeremy Chadwick freebsd at
Tue Nov 24 19:20:03 UTC 2009

>Number:         140835
>Category:       bin
>Synopsis:       libfetch: fetchParseURL(3) returns success with invalid URLs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 24 19:20:02 UTC 2009
>Originator:     Jeremy Chadwick
>Release:        FreeBSD 8.0-PRERELEASE amd64
System: FreeBSD icarus.home.lan 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #0: Tue Nov 17 20:07:21 PST 2009 root at icarus.home.lan:/usr/obj/usr/src/sys/X7SBA_RELENG_8_amd64 amd64
libfetch contains a function, fetchParseURL(3), whose man page
states the following:

     fetchParseURL() takes a URL in the form of a null-terminated string and
     splits it into its components function according to the Common Internet
     Scheme Syntax detailed in RFC1738.  A regular expression which produces
     this syntax is:


     If the URL does not seem to begin with a scheme name, the following syn-
     tax is assumed:


     Note that some components of the URL are not necessarily relevant to all
     URL schemes.  For instance, the file scheme only needs the <scheme> and
     <document> components.


     fetchParseURL() returns a pointer to a struct url containing the individ-
     ual components of the URL.  If it is unable to allocate memory, or the
     URL is syntactically incorrect, fetchParseURL() returns a NULL pointer.

But when passed a URL such as the below (note the delimiter is
colon-slash, not colon-slash-slash)


fetchParseURL(3) returns a pointer to a struct with the following

	url->scheme = http
	url->user   = <null>
	url->pwd    = <null>
	url->host   = <null>
	url->port   = 0
	url->doc    = /

Given the documentation, fetchParseURL(3) should return NULL in this
scenario; it was able to work out the scheme by itself, which
implies that the RFC1738-compliancy paragraph of the documentation
should apply strictly.

This issue came to light on freebsd-stable:
$ fetch http:/
fetch: http:/ No address record
$ fetch http:/localhost/
fetch: http:/localhost/: No address record
None known.


More information about the freebsd-bugs mailing list