From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Daniele Nicolodi <daniele@grinta.net>
Newsgroups: gmane.emacs.devel
Subject: Bug in url-retrieve-synchronously from url.el on redirect
Date: Fri, 10 Jul 2020 12:18:05 -0600
Message-ID: <08fad79e-9b6b-6ff4-66fd-c32fdf5b7189@grinta.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------FF510D616C8965FEA3E477E1"
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="28699"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0)
 Gecko/20100101 Thunderbird/68.10.0
To: Emacs developers <emacs-devel@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Fri Jul 10 20:18:55 2020
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1jtxbr-0007Li-0r
	for ged-emacs-devel@m.gmane-mx.org; Fri, 10 Jul 2020 20:18:55 +0200
Original-Received: from localhost ([::1]:56684 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1jtxbp-00036f-Vx
	for ged-emacs-devel@m.gmane-mx.org; Fri, 10 Jul 2020 14:18:54 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:42218)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <daniele@grinta.net>)
 id 1jtxbB-0002gi-Dx
 for emacs-devel@gnu.org; Fri, 10 Jul 2020 14:18:13 -0400
Original-Received: from grinta.net ([109.74.203.128]:55466)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <daniele@grinta.net>) id 1jtxb9-0004b4-3q
 for emacs-devel@gnu.org; Fri, 10 Jul 2020 14:18:13 -0400
Original-Received: from 688dnmac.campus.nist.gov (unknown [132.163.252.162])
 (Authenticated sender: daniele)
 by grinta.net (Postfix) with ESMTPSA id A8CA0E0EFA
 for <emacs-devel@gnu.org>; Fri, 10 Jul 2020 18:18:07 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=grinta.net; s=2020;
 t=1594405087; bh=ESd8UuN8bmmZOdVmUfL+M7xaId4+fD1Bw3ki8gkArI0=;
 h=To:From:Subject:Date:From;
 b=P6yZozhIxqQ9i1n017xg41tAEkPLxrlY96Ev5WagJyhpGH1Z7HxxpdA/nbXicpme+
 +ho5wAKVYpv8ANWPKrcXn4VGk8VKChNYZd0hzb3S3nxQUsC9vGsND1HkTvuk5w810C
 LIHOGZTpt6gq0Muvgb9x8mXMeM9CAs27r5PZ9tPOp8/ZtTVAGqW8WWSOQ0MMB2C1sd
 JuAy6TunX7YoB7Ce+B8J2lJqOr+UKuHzbHuFn+BRO/vxCto1ut1LTh2kEVL52hsBbQ
 l4T050Q7EfDMoskLNUD3QolgAXlB4XGewcZkv3IS2viw4De3t90zJjilrnj3cvr/rS
 ICc//fXStKuNw==
Content-Language: en-US
Received-SPF: pass client-ip=109.74.203.128; envelope-from=daniele@grinta.net;
 helo=grinta.net
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/10 14:18:08
X-ACL-Warn: Detected OS   = Linux 2.2.x-3.x [generic]
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:252832
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/252832>

This is a multi-part message in MIME format.
--------------FF510D616C8965FEA3E477E1
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Hello,

url-retrieve-synchronously fails to obey redirect responses if the
returned "Location" header contains spaces: it redirects to the URL
truncated to the first space. It seems that spaces in the Location
header value are allowed (at least ngnix produces headers like that).

If I understand the code correctly, the redirect response in interpreted
in url-http-parse-headers where the header is explicitly truncated:

	 (when redirect-uri
	   ;; Clean off any whitespace and/or <...> cruft.
	   (if (string-match "\\([^ \t]+\\)[ \t]" redirect-uri)
	       (setq redirect-uri (match-string 1 redirect-uri)))
	   (if (string-match "^<\\(.*\\)>$" redirect-uri)
	       (setq redirect-uri (match-string 1 redirect-uri)))

I think the first regular expression is wrong. I believe that its intent
is to remove leading and trailing white space, but it actually truncates
the value to the first white space character. Also, redirect-uri is
obtained with

       (let ((redirect-uri (or (mail-fetch-field "Location")
			       (mail-fetch-field "URI"))))

and mail-fetch-field already removes leading and trailing whitespace.

I think the attached patch should fix the problem.

Finally, the removal of the < > delimiters seems unnecessary too as they
are not allowed delimiters in HTTP headers (in my reading of
https://tools.ietf.org/html/rfc7230) however there are no adverse
consequences in leaving it there.

Cheers,
Dan

--------------FF510D616C8965FEA3E477E1
Content-Type: text/plain; charset=UTF-8; x-mac-type="0"; x-mac-creator="0";
 name="0001-url-http-Fix-handling-of-redirect-locations-containi.patch"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename*0="0001-url-http-Fix-handling-of-redirect-locations-containi.pa";
 filename*1="tch"

RnJvbSBmMjQwOGVhYWExZTJhZmI2YmUxNTU4OGUwZjhmOGEyYzNjZmUxZWM2IE1vbiBTZXAg
MTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBEYW5pZWxlIE5pY29sb2RpIDxkYW5pZWxlQGdyaW50
YS5uZXQ+CkRhdGU6IEZyaSwgMTAgSnVsIDIwMjAgMTI6MTY6MDEgLTA2MDAKU3ViamVjdDog
W1BBVENIXSB1cmwtaHR0cDogRml4IGhhbmRsaW5nIG9mIHJlZGlyZWN0IGxvY2F0aW9ucyBj
b250YWluaW5nCiB3aGl0ZXNwYWNlCgotLS0KIGxpc3AvdXJsL3VybC1odHRwLmVsIHwgNCAr
LS0tCiAxIGZpbGUgY2hhbmdlZCwgMSBpbnNlcnRpb24oKyksIDMgZGVsZXRpb25zKC0pCgpk
aWZmIC0tZ2l0IGEvbGlzcC91cmwvdXJsLWh0dHAuZWwgYi9saXNwL3VybC91cmwtaHR0cC5l
bAppbmRleCA2NjljMjQ1NzFmLi5iN2Q2ZjQyZWQ1IDEwMDY0NAotLS0gYS9saXNwL3VybC91
cmwtaHR0cC5lbAorKysgYi9saXNwL3VybC91cmwtaHR0cC5lbApAQCAtNzAyLDkgKzcwMiw3
IEBAIHNob3VsZCBiZSBzaG93biB0byB0aGUgdXNlci4iCiAJICAgIDs7IFRyZWF0IGV2ZXJ5
dGhpbmcgbGlrZSAnMzAwJwogCSAgICBuaWwpKQogCSAod2hlbiByZWRpcmVjdC11cmkKLQkg
ICA7OyBDbGVhbiBvZmYgYW55IHdoaXRlc3BhY2UgYW5kL29yIDwuLi4+IGNydWZ0LgotCSAg
IChpZiAoc3RyaW5nLW1hdGNoICJcXChbXiBcdF0rXFwpWyBcdF0iIHJlZGlyZWN0LXVyaSkK
LQkgICAgICAgKHNldHEgcmVkaXJlY3QtdXJpIChtYXRjaC1zdHJpbmcgMSByZWRpcmVjdC11
cmkpKSkKKwkgICA7OyBDbGVhbiBvZmYgYW55IDwuLi4+IGNydWZ0LgogCSAgIChpZiAoc3Ry
aW5nLW1hdGNoICJePFxcKC4qXFwpPiQiIHJlZGlyZWN0LXVyaSkKIAkgICAgICAgKHNldHEg
cmVkaXJlY3QtdXJpIChtYXRjaC1zdHJpbmcgMSByZWRpcmVjdC11cmkpKSkKIAotLSAKMi4y
NC4zIChBcHBsZSBHaXQtMTI4KQoK
--------------FF510D616C8965FEA3E477E1--