Browse Source

Detect non-local file URIs when reading the configuration.

If a file-based URI contains an authority part that is not 'localhost',
error out when reading the configuration instead of letting the file
module detect and ignore the error later.
master
Damien Goutte-Gattat 2 months ago
parent
commit
3b339650d3
  1. 1
      src/gfsec-errors.h
  2. 33
      src/secretcfg.c
  3. 7
      tests/t-parseuri.c

1
src/gfsec-errors.h

@ -34,3 +34,4 @@ GFSEC_ERROR(CONFIG_INVALID_URI_PATH, -15, _("Invalid path in share URI"))
GFSEC_ERROR(CONFIG_INVALID_URI_PARAM, -16, _("Invalid parameter in share URI"))
GFSEC_ERROR(CONFIG_MISSING_AUTHORITY, -17, _("Missing authority in share URI"))
GFSEC_ERROR(CONFIG_MISSING_SHARENR, -18, _("Missing share number"))
GFSEC_ERROR(CONFIG_NONLOCAL_FILE_URI, -19, _("Invalid non-local file URI"))

33
src/secretcfg.c

@ -73,15 +73,20 @@ get_line(FILE *f, char *buffer, size_t len)
* @param uri The address of the URI string. The pointer is
* advanced to the '/' character separating the
* authority from the path.
* @param authority The address of a newly allocated buffer to
* store the authority.
* @param share The share object to which the authority will be
* assigned.
*
* @return 0 if the authority was successfully extracted, or
* GFSEC_ERR_CONFIG_INVALID_URI if the uri did not contain a '/'
* character.
* @return
* - 0 if successful;
* - GFSEC_ERR_CONFIG_INVALID_URI if the URI does not contain a '/'
* character;
* - GFSEC_ERR_CONFIG_MISSING_AUTHORITY if the authority portion is
* empty and the scheme is not 'file://';
* - GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI if the scheme is 'file://'
* and the authority is not 'localhost'.
*/
static int
parse_authority(const char **uri, char **authority)
parse_authority(const char **uri, gfsec_share_t *share)
{
char *slash;
@ -89,9 +94,18 @@ parse_authority(const char **uri, char **authority)
return GFSEC_ERR_CONFIG_INVALID_URI;
if ( slash > *uri ) {
*authority = xstrndup(*uri, slash - *uri);
size_t len = slash - *uri;
if ( share->scheme == GFSEC_SCHEME_FILE ) {
if ( len != 9 || strncmp(*uri, "localhost", len) != 0 )
return GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI;
}
share->authority = xstrndup(*uri, len);
*uri = slash;
}
else if ( share->scheme != GFSEC_SCHEME_FILE )
return GFSEC_ERR_CONFIG_MISSING_AUTHORITY;
return 0;
}
@ -316,10 +330,7 @@ gfsec_parse_uri(const char *uri, gfsec_secret_t *secret, int assign)
rc = GFSEC_ERR_CONFIG_UNKNOWN_SCHEME;
if ( rc == 0 )
rc = parse_authority(&p, &(share->authority));
if ( ! share->authority && share->scheme != GFSEC_SCHEME_FILE )
rc = GFSEC_ERR_CONFIG_MISSING_AUTHORITY;
rc = parse_authority(&p, share);
if ( rc == 0 )
rc = parse_path(&p, &(share->path));

7
tests/t-parseuri.c

@ -73,6 +73,13 @@ struct test tests[] = {
{ "http:///", GFSEC_ERR_CONFIG_MISSING_AUTHORITY },
{ "https:///", GFSEC_ERR_CONFIG_MISSING_AUTHORITY },
/* Non-localhost authority for file-based URIs. */
{ "file://localhost/path/to/share.123",
0, GFSEC_SCHEME_FILE, "localhost", "/path/to/share.123", 123, 0 },
{ "file://abc/path/to/share.123", GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI },
{ "file://abcdefghjklm/path/to/share.123", GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI },
{ "file://localhostabc/path/to/share.123", GFSEC_ERR_CONFIG_NONLOCAL_FILE_URI },
/* Empty path. */
{ "file:///", GFSEC_ERR_CONFIG_INVALID_URI_PATH },
{ "file:///?param=value", GFSEC_ERR_CONFIG_INVALID_URI_PATH },

Loading…
Cancel
Save