From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Daniel Hartwig Newsgroups: gmane.lisp.guile.bugs Subject: bug#10109: [PATCH] (web http): list-style headers do not validate Date: Sun, 27 Nov 2011 23:11:08 +0800 Message-ID: References: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=e89a8f923a9cbb504d04b2b8cb23 X-Trace: dough.gmane.org 1322406685 6987 80.91.229.12 (27 Nov 2011 15:11:25 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Sun, 27 Nov 2011 15:11:25 +0000 (UTC) To: 10109@debbugs.gnu.org Original-X-From: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Sun Nov 27 16:11:21 2011 Return-path: Envelope-to: guile-bugs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1RUgO0-00023X-KP for guile-bugs@m.gmane.org; Sun, 27 Nov 2011 16:11:20 +0100 Original-Received: from localhost ([::1]:55366 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RUgNz-0005LK-9k for guile-bugs@m.gmane.org; Sun, 27 Nov 2011 10:11:19 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]:36375) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RUgNv-0005L4-Av for bug-guile@gnu.org; Sun, 27 Nov 2011 10:11:16 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RUgNt-00023U-IM for bug-guile@gnu.org; Sun, 27 Nov 2011 10:11:15 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:38979) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RUgNt-00023O-Gh for bug-guile@gnu.org; Sun, 27 Nov 2011 10:11:13 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1RUgPe-0004SV-4P for bug-guile@gnu.org; Sun, 27 Nov 2011 10:13:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Daniel Hartwig Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-guile@gnu.org Resent-Date: Sun, 27 Nov 2011 15:13:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 10109 X-GNU-PR-Package: guile X-GNU-PR-Keywords: patch Original-Received: via spool by 10109-submit@debbugs.gnu.org id=B10109.132240678117132 (code B ref 10109); Sun, 27 Nov 2011 15:13:02 +0000 Original-Received: (at 10109) by debbugs.gnu.org; 27 Nov 2011 15:13:01 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RUgPc-0004SH-Gc for submit@debbugs.gnu.org; Sun, 27 Nov 2011 10:13:00 -0500 Original-Received: from mail-iy0-f172.google.com ([209.85.210.172]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RUgPZ-0004S6-T5 for 10109@debbugs.gnu.org; Sun, 27 Nov 2011 10:12:58 -0500 Original-Received: by iaeo4 with SMTP id o4so7501020iae.3 for <10109@debbugs.gnu.org>; Sun, 27 Nov 2011 07:11:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=RbrYrCl5mqTAi+F+rtjKJg6dkjpkP6ChzKUFLCnVzeo=; b=xvHIfEU8tErJZwwPxO5ayWU3hr0aMG/Wm7xB01H4tyl5c6Ufu5ZhLUhogKJou3eKY1 SSyiTwJ89k8teGXjqbqmSsNCocUnZwrXiCdICXygKs9z598J3ggjlUJeSiMcCxA1nNtF r6Lymn7lLfbKsGOwUXjVHL3kbGHD6/ZSUxpGw= Original-Received: by 10.50.140.1 with SMTP id rc1mr49652315igb.25.1322406668619; Sun, 27 Nov 2011 07:11:08 -0800 (PST) Original-Received: by 10.231.206.138 with HTTP; Sun, 27 Nov 2011 07:11:08 -0800 (PST) In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Sun, 27 Nov 2011 10:13:02 -0500 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-guile@gnu.org List-Id: "Bug reports for GUILE, GNU's Ubiquitous Extension Language" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Original-Sender: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.bugs:5952 Archived-At: --e89a8f923a9cbb504d04b2b8cb23 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hello again My apologies for not noticing earlier, but I have spotted a couple minor issues with both the previous patch and original code that are corrected by the attached. All relate to the "Cache-Control" header: - `max-stale' has optional value (previous code requires it) - some directives do not have values (`no-store', etc.) - there are `cache-extension' directives that may or may not have a value Attached patch tidies this up, with explicit validation of all defined directives, though it leaves open one issue with the cache-extension directives: ;; cache-extension =3D token [ "=3D" ( token | quoted-string ) ] scheme@(web http)> (read-header (open-input-string "Cache-Control: foo=3D\"qstring\"\r\n")) $102 =3D cache-control $103 =3D ((foo . "qstring")) scheme@(web http)> (write-header 'cache-control $103 (current-output-port)) (newline) Cache-Control: foo=3Dqstring You see quotes around `qstring' are dropped, `parse-key-value-list' appears inadequate to distinguish between a token and quoted-string when passing values to the `val-parser'. This looks like it will raise itself in edge cases for some other headers. Will file a new bug if needed after investigation. Regards Daniel On 23 November 2011 02:18, Daniel Hartwig wrote: > Package: guile > Version: 2.0.3 > Tags: patch > > Many of the list-style headers from (web http) do not validate > correctly. =A0The test suite only checks that the header's parse and > does not test the associated validators. > > Attached is a very quick patch (0002) which exposes the failing > validators through the test-suite: > > $ ./guile-test tests/web-http.test > Running tests/web-http.test > ... > FAIL: tests/web-http.test: general headers: cache-control: > "no-transform" -> (no-transform) > [...] --e89a8f923a9cbb504d04b2b8cb23 Content-Type: text/x-patch; charset=US-ASCII; name="0001-Extend-handling-of-Cache-Control-header.patch" Content-Disposition: attachment; filename="0001-Extend-handling-of-Cache-Control-header.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gvi6qewh2 RnJvbSBiZjJhMDAyMTNjNjBjYzQ3YzZjMzI1N2EwYWZlODg1ZmNhMDQ0ZDI3IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBEYW5pZWwgSGFydHdpZyA8bWFuZHlrZUBnbWFpbC5jb20+CkRh dGU6IFN1biwgMjcgTm92IDIwMTEgMjI6Mzc6MjQgKzA4MDAKU3ViamVjdDogW1BBVENIXSBFeHRl bmQgaGFuZGxpbmcgb2YgIkNhY2hlLUNvbnRyb2wiIGhlYWRlci4KCiogbW9kdWxlL3dlYi9odHRw LnNjbSAoIkNhY2hlLUNvbnRyb2wiKTogVmFsdWUgZm9yIGBtYXgtc3RhbGUnIGlzCiAgb3B0aW9u YWwuICBTdHJpY3QgdmFsaWRhdGlvbiBmb3IgdmFsdWUtbGVzcyBkaXJlY3RpdmVzIChgbm8tc3Rv cmUnLAogIGV0Yy4pLiAgU3RyaW5nIHZhbHVlcyBvcHRpb25hbCBmb3IgImNhY2hlLWV4dGVuc2lv biIgZGlyZWN0aXZlcy4KKiB0ZXN0LXN1aXRlL3Rlc3RzL3dlYi1odHRwLnRlc3Q6IFZhbHVlIGZv ciBgbWF4LXN0YWxlJyBpcyBvcHRpb25hbC4KLS0tCiBtb2R1bGUvd2ViL2h0dHAuc2NtICAgICAg ICAgICAgfCAgIDEyICsrKysrKysrKy0tLQogdGVzdC1zdWl0ZS90ZXN0cy93ZWItaHR0cC50ZXN0 IHwgICAgMiArKwogMiBmaWxlcyBjaGFuZ2VkLCAxMSBpbnNlcnRpb25zKCspLCAzIGRlbGV0aW9u cygtKQoKZGlmZiAtLWdpdCBhL21vZHVsZS93ZWIvaHR0cC5zY20gYi9tb2R1bGUvd2ViL2h0dHAu c2NtCmluZGV4IGRjNzQyYTEuLjIwZWEyYWEgMTAwNjQ0Ci0tLSBhL21vZHVsZS93ZWIvaHR0cC5z Y20KKysrIGIvbW9kdWxlL3dlYi9odHRwLnNjbQpAQCAtMTI0MCwxOSArMTI0MCwyNSBAQCBwaHJh c2VcIi4iCiAoZGVjbGFyZS1rZXktdmFsdWUtbGlzdC1oZWFkZXIhICJDYWNoZS1Db250cm9sIgog ICAobGFtYmRhIChrIHYtc3RyKQogICAgIChjYXNlIGsKLSAgICAgICgobWF4LWFnZSBtYXgtc3Rh bGUgbWluLWZyZXNoIHMtbWF4YWdlKQorICAgICAgKChtYXgtYWdlIG1pbi1mcmVzaCBzLW1heGFn ZSkKICAgICAgICAocGFyc2Utbm9uLW5lZ2F0aXZlLWludGVnZXIgdi1zdHIpKQorICAgICAgKCht YXgtc3RhbGUpCisgICAgICAgKGFuZCB2LXN0ciAocGFyc2Utbm9uLW5lZ2F0aXZlLWludGVnZXIg di1zdHIpKSkKICAgICAgICgocHJpdmF0ZSBuby1jYWNoZSkKICAgICAgICAoYW5kIHYtc3RyIChz cGxpdC1oZWFkZXItbmFtZXMgdi1zdHIpKSkKICAgICAgIChlbHNlIHYtc3RyKSkpCiAgIChsYW1i ZGEgKGsgdikKICAgICAoY2FzZSBrCi0gICAgICAoKG1heC1hZ2UgbWF4LXN0YWxlIG1pbi1mcmVz aCBzLW1heGFnZSkKKyAgICAgICgobWF4LWFnZSBtaW4tZnJlc2ggcy1tYXhhZ2UpCiAgICAgICAg KG5vbi1uZWdhdGl2ZS1pbnRlZ2VyPyB2KSkKKyAgICAgICgobWF4LXN0YWxlKQorICAgICAgIChv ciAobm90IHYpIChub24tbmVnYXRpdmUtaW50ZWdlcj8gdikpKQogICAgICAgKChwcml2YXRlIG5v LWNhY2hlKQogICAgICAgIChvciAobm90IHYpIChsaXN0LW9mLWhlYWRlci1uYW1lcz8gdikpKQor ICAgICAgKChuby1zdG9yZSBuby10cmFuc2Zvcm0gb25seS1pZi1jYWNoZSBtdXN0LXJldmFsaWRh dGUgcHJveHktcmV2YWxpZGF0ZSkKKyAgICAgICAobm90IHYpKQogICAgICAgKGVsc2UKLSAgICAg ICAobm90IHYpKSkpCisgICAgICAgKG9yIChub3QgdikgKHN0cmluZz8gdikpKSkpCiAgIChsYW1i ZGEgKGsgdiBwb3J0KQogICAgIChjb25kCiAgICAgICgoc3RyaW5nPyB2KSAoZGlzcGxheSB2IHBv cnQpKQpkaWZmIC0tZ2l0IGEvdGVzdC1zdWl0ZS90ZXN0cy93ZWItaHR0cC50ZXN0IGIvdGVzdC1z dWl0ZS90ZXN0cy93ZWItaHR0cC50ZXN0CmluZGV4IGI2YWJiZjMuLmI1MjQ3YWIgMTAwNjQ0Ci0t LSBhL3Rlc3Qtc3VpdGUvdGVzdHMvd2ViLWh0dHAudGVzdAorKysgYi90ZXN0LXN1aXRlL3Rlc3Rz L3dlYi1odHRwLnRlc3QKQEAgLTgzLDYgKzgzLDggQEAKICAgICAgICAgICAgICAgICAgJygocHJp dmF0ZSAuIChmb28pKSkpCiAgIChwYXNzLWlmLXBhcnNlIGNhY2hlLWNvbnRyb2wgIm5vLWNhY2hl LG1heC1hZ2U9MTAiCiAgICAgICAgICAgICAgICAgICcobm8tY2FjaGUgKG1heC1hZ2UgLiAxMCkp KQorICAocGFzcy1pZi1wYXJzZSBjYWNoZS1jb250cm9sICJtYXgtc3RhbGUiICcobWF4LXN0YWxl KSkKKyAgKHBhc3MtaWYtcGFyc2UgY2FjaGUtY29udHJvbCAibWF4LXN0YWxlPTEwIiAnKChtYXgt c3RhbGUgLiAxMCkpKQogCiAgIChwYXNzLWlmLXBhcnNlIGNvbm5lY3Rpb24gImNsb3NlIiAnKGNs b3NlKSkKICAgKHBhc3MtaWYtcGFyc2UgY29ubmVjdGlvbiAiQ29udGVudC1FbmNvZGluZyIgJyhj b250ZW50LWVuY29kaW5nKSkKLS0gCjEuNy4yLjUKCg== --e89a8f923a9cbb504d04b2b8cb23--