* bug#40582: Valid URIs are rejected @ 2020-04-12 19:44 Julien Lepiller 2020-06-17 21:57 ` Ludovic Courtès 0 siblings, 1 reply; 4+ messages in thread From: Julien Lepiller @ 2020-04-12 19:44 UTC (permalink / raw) To: 40582 Hi, Using (web uri), I was trying to parse "uri://a/c". Reading RFC3986, it should be a valid URI (see rule for reg-name in 3.2.2). However, passing it to string->uri results in #f. I've tracked this down to valid-host? which returns #f for "a". The reason is that the regexp checking if the host is an ipv6 matches "a", which shouldn't happen because a is not an ipv6 address. Indeed, when I try (string->uri "uri://g/b"), I get the expected result. ^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#40582: Valid URIs are rejected 2020-04-12 19:44 bug#40582: Valid URIs are rejected Julien Lepiller @ 2020-06-17 21:57 ` Ludovic Courtès 2020-06-18 1:17 ` Julien Lepiller 0 siblings, 1 reply; 4+ messages in thread From: Ludovic Courtès @ 2020-06-17 21:57 UTC (permalink / raw) To: Julien Lepiller; +Cc: 40582 [-- Attachment #1: Type: text/plain, Size: 802 bytes --] Hi Julien, Julien Lepiller <julien@lepiller.eu> skribis: > Using (web uri), I was trying to parse "uri://a/c". Reading RFC3986, it should be a valid URI (see rule for reg-name in 3.2.2). However, passing it to string->uri results in #f. I've tracked this down to valid-host? which returns #f for "a". > > The reason is that the regexp checking if the host is an ipv6 matches "a", which shouldn't happen because a is not an ipv6 address. Indeed, when I try (string->uri "uri://g/b"), I get the expected result. Right. ‘authority-regexp’ is fine, but ‘ipv6-regexp’, used by ‘valid-host?’, was too lax and would match “a” because it’s an hex digit sequence. The regexp below is still an approximation, but I think a better one. Can you confirm? Thanks, Ludo’. [-- Attachment #2: Type: text/x-patch, Size: 1558 bytes --] diff --git a/module/web/uri.scm b/module/web/uri.scm index b4b89b9cc..d76432737 100644 --- a/module/web/uri.scm +++ b/module/web/uri.scm @@ -188,7 +188,7 @@ for ‘build-uri’ except there is no scheme." (define ipv4-regexp (make-regexp (string-append "^([" digits ".]+)$"))) (define ipv6-regexp - (make-regexp (string-append "^([" hex-digits ":.]+)$"))) + (make-regexp (string-append "^([" hex-digits "]*:[" hex-digits ":.]+)$"))) (define domain-label-regexp (make-regexp (string-append "^[" letters digits "]" diff --git a/test-suite/tests/web-uri.test b/test-suite/tests/web-uri.test index 94778acac..95fd82f16 100644 --- a/test-suite/tests/web-uri.test +++ b/test-suite/tests/web-uri.test @@ -1,6 +1,6 @@ ;;;; web-uri.test --- URI library -*- mode: scheme; coding: utf-8; -*- ;;;; -;;;; Copyright (C) 2010-2012, 2014, 2017, 2019 Free Software Foundation, Inc. +;;;; Copyright (C) 2010-2012, 2014, 2017, 2019, 2020 Free Software Foundation, Inc. ;;;; ;;;; This library is free software; you can redistribute it and/or ;;;; modify it under the terms of the GNU Lesser General Public @@ -179,6 +179,13 @@ #:port 22 #:path "/baz")) + (pass-if-equal "xyz://abc/x/y/z" ;<https://bugs.gnu.org/40582> + (list 'xyz "abc" "/x/y/z") + (let ((uri (string->uri "xyz://abc/x/y/z"))) + (list (uri-scheme uri) + (uri-host uri) + (uri-path uri)))) + (pass-if "http://bad.host.1" (not (string->uri "http://bad.host.1"))) ^ permalink raw reply related [flat|nested] 4+ messages in thread
* bug#40582: Valid URIs are rejected 2020-06-17 21:57 ` Ludovic Courtès @ 2020-06-18 1:17 ` Julien Lepiller 2020-06-18 15:07 ` Ludovic Courtès 0 siblings, 1 reply; 4+ messages in thread From: Julien Lepiller @ 2020-06-18 1:17 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 40582 Le 17 juin 2020 17:57:33 GMT-04:00, "Ludovic Courtès" <ludo@gnu.org> a écrit : >Hi Julien, > >Julien Lepiller <julien@lepiller.eu> skribis: > >> Using (web uri), I was trying to parse "uri://a/c". Reading RFC3986, >it should be a valid URI (see rule for reg-name in 3.2.2). However, >passing it to string->uri results in #f. I've tracked this down to >valid-host? which returns #f for "a". >> >> The reason is that the regexp checking if the host is an ipv6 matches >"a", which shouldn't happen because a is not an ipv6 address. Indeed, >when I try (string->uri "uri://g/b"), I get the expected result. > >Right. ‘authority-regexp’ is fine, but ‘ipv6-regexp’, used by >‘valid-host?’, was too lax and would match “a” because it’s an hex >digit >sequence. > >The regexp below is still an approximation, but I think a better one. >Can you confirm? > >Thanks, >Ludo’. Looks slightly better, thanks. That's still incorrect, as it will match things that are not ipv6 addresses. Does it have to be a regexp though? Why not simply check (false-if-exception (inet-pton AF_INET6 host)), as in the return value of valid-host? There's also a ipv6-host-pat that has an incorrect regexp, but I'm not sure what it is used for. ^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#40582: Valid URIs are rejected 2020-06-18 1:17 ` Julien Lepiller @ 2020-06-18 15:07 ` Ludovic Courtès 0 siblings, 0 replies; 4+ messages in thread From: Ludovic Courtès @ 2020-06-18 15:07 UTC (permalink / raw) To: Julien Lepiller; +Cc: 40582-done Hi, Julien Lepiller <julien@lepiller.eu> skribis: > Le 17 juin 2020 17:57:33 GMT-04:00, "Ludovic Courtès" <ludo@gnu.org> a écrit : [...] >>The regexp below is still an approximation, but I think a better one. >>Can you confirm? >> >>Thanks, >>Ludo’. > > Looks slightly better, thanks. > > That's still incorrect, as it will match things that are not ipv6 addresses. Does it have to be a regexp though? Why not simply check (false-if-exception (inet-pton AF_INET6 host)), as in the return value of valid-host? Using a regexp makes the code closer to the RFC since the RFC explicitly describes the grammar. It’s also the simple choice here. > There's also a ipv6-host-pat that has an incorrect regexp, but I'm not sure what it is used for. It’s use for ‘authority-regexp’, but that one is fine: it requires square brackets around IPv6 addresses. Pushed as 1ab2105339f60dba20c8c9680e49110501f3a6a0. Thanks, Ludo’. ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-06-18 15:07 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-04-12 19:44 bug#40582: Valid URIs are rejected Julien Lepiller 2020-06-17 21:57 ` Ludovic Courtès 2020-06-18 1:17 ` Julien Lepiller 2020-06-18 15:07 ` Ludovic Courtès
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).