diff options
| author | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2004-12-24 01:59:11 +0000 |
|---|---|---|
| committer | Darren Salt <linux@youmustbejoking.demon.co.uk> | 2004-12-24 01:59:11 +0000 |
| commit | 3e0803b5fa44a10eba8960ff163b982ac29131d3 (patch) | |
| tree | 73dbf5a07429fb3cf8e6c4161277277e888e9c41 | |
| parent | 585f2f2b82d5ad7e8599b7a0880e6f213e0fb3db (diff) | |
| download | xine-lib-3e0803b5fa44a10eba8960ff163b982ac29131d3.tar.gz xine-lib-3e0803b5fa44a10eba8960ff163b982ac29131d3.tar.bz2 | |
Fix crash related to relative HTTP redirect URLs.
These URLs are now canonicalised.
CVS patchset: 7297
CVS date: 2004/12/24 01:59:11
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | src/input/http_helper.c | 46 | ||||
| -rw-r--r-- | src/input/http_helper.h | 12 | ||||
| -rw-r--r-- | src/input/input_http.c | 5 |
4 files changed, 59 insertions, 5 deletions
@@ -10,6 +10,7 @@ xine-lib * updated included libdvdnav: more graceful handling of some error conditions; fixed playback of some strangely authored DVDs * fixed problem with first subtitle not showing when using separate subtitle files + * fixed crash related to relative HTTP redirect URLs (implemented canonicalisation) xine-lib (1-rc8) * Multiple security vulnerabilities fixed on PNM and Real RTSP clients diff --git a/src/input/http_helper.c b/src/input/http_helper.c index 3418a1d50..601ee0e85 100644 --- a/src/input/http_helper.c +++ b/src/input/http_helper.c @@ -19,7 +19,7 @@ * * URL helper functions * - * $Id: http_helper.c,v 1.4 2004/12/01 22:55:31 tmattern Exp $ + * $Id: http_helper.c,v 1.5 2004/12/24 01:59:11 dsalt Exp $ */ #ifdef HAVE_CONFIG_H @@ -194,6 +194,30 @@ error: return 0; } +char *_x_canonicalise_url (const char *base, const char *url) { + + int base_length; + char *cut, *ret; + + if ((cut = strstr (url, "://"))) + return strdup (url); + + cut = strstr (base, "://"); + if (url[0] == '/') { + /* absolute - base up to first '/' after "://", then url */ + cut = strchr (cut + 3, '/'); + } + else { + /* relative - base up to & inc. last '/', then url */ + cut = strrchr (cut, '/'); + if (cut) + ++cut; + } + base_length = cut ? cut - base : strlen (base); + ret = malloc (base_length + strlen (url) + 1); + sprintf (ret, "%.*s%s", base_length, base, url); + return ret; +} #ifdef TEST_URL /* @@ -229,6 +253,21 @@ static int check_url(char *url, int ok) { } } +static int check_paste(const char *base, const char *url, const char *ok) { + char *res; + int ret; + + printf("--------------------------------\n"); + printf("base url=%s\n", base); + printf(" new url=%s\n", url); + res = _x_canonicalise_url (base, url); + printf(" result=%s\n", res); + ret = !strcmp (res, ok); + free (res); + puts (ret ? "test OK" : "test KO"); + return ret; +} + int main(int argc, char** argv) { char *proto, host, port, user, password, uri; int res = 0; @@ -261,8 +300,11 @@ int main(int argc, char** argv) { res += check_url("http://[www.toto.com]:80/", 1); res += check_url("http://[12:12]:80/", 1); res += check_url("http://user:pass@[12:12]:80/", 1); + res += check_paste("http://www.toto.com/foo/test.asx", "http://www2.toto.com/www/foo/test1.asx", "http://www2.toto.com/www/foo/test1.asx"); + res += check_paste("http://www.toto.com/foo/test.asx", "/bar/test2.asx", "http://www.toto.com/bar/test2.asx"); + res += check_paste("http://www.toto.com/foo/test.asx", "test3.asx", "http://www.toto.com/foo/test3.asx"); printf("================================\n"); - if (res != 28) { + if (res != 31) { printf("result: KO\n"); } else { printf("result: OK\n"); diff --git a/src/input/http_helper.h b/src/input/http_helper.h index 0c63f4a14..546a55803 100644 --- a/src/input/http_helper.h +++ b/src/input/http_helper.h @@ -19,7 +19,7 @@ * * URL helper functions * - * $Id: http_helper.h,v 1.2 2004/03/31 07:42:50 valtri Exp $ + * $Id: http_helper.h,v 1.3 2004/12/24 01:59:12 dsalt Exp $ */ #ifndef HTTP_HELPER_H @@ -37,4 +37,14 @@ int _x_parse_url (char *url, char **proto, char** host, int *port, char **user, char **password, char **uri); +/* + * canonicalise url, given base + * base must be valid according to _x_parse_url + * url may only contain "://" if it's absolute + * + * return: + * the canonicalised URL (caller must free() it) + */ +char *_x_canonicalise_url (const char *base, const char *url); + #endif /* HTTP_HELPER_H */ diff --git a/src/input/input_http.c b/src/input/input_http.c index fbd5d9d87..c50750233 100644 --- a/src/input/input_http.c +++ b/src/input/input_http.c @@ -19,7 +19,7 @@ * * input plugin for http network streams * - * $Id: input_http.c,v 1.101 2004/12/12 22:01:06 mroi Exp $ + * $Id: input_http.c,v 1.102 2004/12/24 01:59:12 dsalt Exp $ */ #ifdef HAVE_CONFIG_H @@ -892,8 +892,9 @@ static int http_plugin_open (input_plugin_t *this_gen ) { lprintf ("trying to open target of redirection: >%s<\n", href); + href = _x_canonicalise_url (this->mrl, href); free(this->mrl); - this->mrl = strdup(href); + this->mrl = href; return http_plugin_open(this_gen); } } |