From 0da3d2768c544cc3c1146b00b9f1481c32010c91 Mon Sep 17 00:00:00 2001

From: Pavel Grunt <pgrunt@redhat.com>

Date: Wed, 1 Jun 2016 10:04:48 +0200

Subject: [PATCH 12/15] spice-uri: Validate uri scheme

Related: rhbz#1335239

Acked-by: Victor Toso <victortoso@redhat.com>

(cherry picked from commit 8dcb4129acde2aed353cd66e28678408e7d1257c)

---

 src/spice-uri.c | 26 ++++++++++++++++----------

 tests/uri.c     |  2 ++

 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/src/spice-uri.c b/src/spice-uri.c

index 51a6d34..c452db3 100644

--- a/src/spice-uri.c

+++ b/src/spice-uri.c

@@ -80,7 +80,9 @@ static void spice_uri_reset(SpiceURI *self)

 G_GNUC_INTERNAL

 gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)

 {

-    gchar *dup, *uri;

+    gchar *dup, *uri, **uriv = NULL;

+    const gchar *uri_port = NULL;

+    char *uri_scheme = NULL;

     gboolean success = FALSE;

     size_t len;

@@ -93,17 +95,21 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)

     uri = dup = g_strdup(_uri);

     /* FIXME: use GUri when it is ready... only support http atm */

     /* the code is voluntarily not parsing thoroughly the uri */

-    if (g_ascii_strncasecmp("http://", uri, 7) == 0) {

-        uri += 7;

+    uri_scheme = g_uri_parse_scheme(uri);

+    if (uri_scheme == NULL) {

         spice_uri_set_scheme(self, "http");

+    } else {

+        spice_uri_set_scheme(self, uri_scheme);

+        uri += strlen(uri_scheme) + 3; /* scheme + "://" */

+    }

+    if (g_ascii_strcasecmp(spice_uri_get_scheme(self), "http") == 0) {

         spice_uri_set_port(self, 3128);

-    } else if (g_ascii_strncasecmp("https://", uri, 8) == 0) {

-        uri += 8;

-        spice_uri_set_scheme(self, "https");

+    } else if (g_ascii_strcasecmp(spice_uri_get_scheme(self), "https") == 0) {

         spice_uri_set_port(self, 3129);

     } else {

-        spice_uri_set_scheme(self, "http");

-        spice_uri_set_port(self, 3128);

+        g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,

+                    "Invalid uri scheme for proxy: %s", spice_uri_get_scheme(self));

+        goto end;

     }

     /* remove trailing slash */

     len = strlen(uri);

@@ -127,8 +133,7 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)

     }

     /* max 2 parts, host:port */

-    gchar **uriv = g_strsplit(uri, ":", 2);

-    const gchar *uri_port = NULL;

+    uriv = g_strsplit(uri, ":", 2);

     if (uriv[0] == NULL || strlen(uriv[0]) == 0) {

         g_set_error(error, SPICE_CLIENT_ERROR, SPICE_CLIENT_ERROR_FAILED,

@@ -161,6 +166,7 @@ gboolean spice_uri_parse(SpiceURI *self, const gchar *_uri, GError **error)

     success = TRUE;

 end:

+    free(uri_scheme);

     g_free(dup);

     g_strfreev(uriv);

     return success;

diff --git a/tests/uri.c b/tests/uri.c

index 34569ec..80b00f4 100644

--- a/tests/uri.c

+++ b/tests/uri.c

@@ -79,6 +79,8 @@ static void test_spice_uri_ipv4_bad(void)

         {"http://127.0.0.1:-80", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},

         {"http://127.0.0.1:4294967396", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},

         {"http://127.0.0.1:12345678901234", "http", "127.0.0.1", 3128, NULL, NULL, "Port out of range"},

+        {"scheme://192.168.1.1:3128", "http", "127.0.0.1", 3128, NULL, NULL,

+         "Invalid uri scheme for proxy: scheme"},

     };

     test_spice_uri_bad(invalid_test_cases, G_N_ELEMENTS(invalid_test_cases));

-- 

2.5.5