[haiku-commits] haiku: hrev47610 - src/kits/network/libnetapi build/jam/repositories/HaikuPorts

  • From: pulkomandy@xxxxxxxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Fri, 1 Aug 2014 09:40:53 +0200 (CEST)

hrev47610 adds 3 changesets to branch 'master'
old head: dcef881fe6756028e3d026e0ccc7f7edbc44131c
new head: f0245dc22552eb88a8ee73b2f76046f7eea5aedb
overview: http://cgit.haiku-os.org/haiku/log/?qt=range&q=f0245dc+%5Edcef881

----------------------------------------------------------------------------

eec7626: Safer URL decoding.
  
  Some URLs may use the % character for other purposes than URL-encoding
  (this is seen in some data URLs). Make sure we parse that properly, and
  avoid a possible out of bounds access if the percent char is near the
  end of the string.

6bd0ac9: Data URLs: parse the whole URL, not just the path.
  
  The RFC for Data URLs specifies a nonstandard format, and because of
  this it doesn't support queries and fragments. This allows the use of
  the # and ? characters in the URL data. We didn't handle this properly,
  which would lead to truncated data.

f0245dc: Replace broken curl and ca_root_certificates
  
  * Remove unneeded path mashup in curl to find the ca_root_certificates
  and use the file in .self/data/ssl. This makes it possible to rename the
  package providing ca_root_certificates without everything exploding.
  * Use a certificate file in the format cURL expects, not Mozilla source
  file in NSS format.

                             [ Adrien Destugues <pulkomandy@xxxxxxxxxxxxx> ]

----------------------------------------------------------------------------

3 files changed, 30 insertions(+), 10 deletions(-)
build/jam/repositories/HaikuPorts/x86_gcc2 |  6 +++---
src/kits/network/libnetapi/DataRequest.cpp | 10 +++++++++-
src/kits/network/libnetapi/Url.cpp         | 24 ++++++++++++++++++------

############################################################################

Commit:      eec762686b49d4850c3bdfa32c75faffe834c688
URL:         http://cgit.haiku-os.org/haiku/commit/?id=eec7626
Author:      Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
Date:        Wed Jul 30 13:51:13 2014 UTC

Safer URL decoding.

Some URLs may use the % character for other purposes than URL-encoding
(this is seen in some data URLs). Make sure we parse that properly, and
avoid a possible out of bounds access if the percent char is near the
end of the string.

----------------------------------------------------------------------------

diff --git a/src/kits/network/libnetapi/Url.cpp 
b/src/kits/network/libnetapi/Url.cpp
index 0acc611..868d6fc 100644
--- a/src/kits/network/libnetapi/Url.cpp
+++ b/src/kits/network/libnetapi/Url.cpp
@@ -1004,14 +1004,26 @@ BUrl::_DoUrlDecodeChunk(const BString& chunk, bool 
strict)
        for (int32 i = 0; i < chunk.Length(); i++) {
                if (chunk[i] == '+' && !strict)
                        result << ' ';
-               else if (chunk[i] != '%')
-                       result << chunk[i];
                else {
-                       char hexString[] = { chunk[i + 1], chunk[i + 2], 0 };
-                       result << (char)strtol(hexString, NULL, 16);
+                       bool isEncoded = false;
+                       char decoded = 0;
+
+                       if (chunk[i] == '%' && i < chunk.Length() - 2)
+                       {
+                               char hexString[] = { chunk[i + 1], chunk[i + 
2], 0 };
+                               char* out = NULL;
+                               decoded = (char)strtol(hexString, &out, 16);
+                               if (out == hexString + 2) {
+                                       isEncoded = true;
+                                       i += 2;
+                               }
+                       }
 
-                       i += 2;
-               }
+                       if (isEncoded)
+                               result << decoded;
+                       else
+                               result << chunk[i];
+               } 
        }
        return result;
 }

############################################################################

Commit:      6bd0ac94896d11bc915cd16b0104583a32e6f7e2
URL:         http://cgit.haiku-os.org/haiku/commit/?id=6bd0ac9
Author:      Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
Date:        Wed Jul 30 13:52:46 2014 UTC

Data URLs: parse the whole URL, not just the path.

The RFC for Data URLs specifies a nonstandard format, and because of
this it doesn't support queries and fragments. This allows the use of
the # and ? characters in the URL data. We didn't handle this properly,
which would lead to truncated data.

----------------------------------------------------------------------------

diff --git a/src/kits/network/libnetapi/DataRequest.cpp 
b/src/kits/network/libnetapi/DataRequest.cpp
index 40c8c25..c650c73 100644
--- a/src/kits/network/libnetapi/DataRequest.cpp
+++ b/src/kits/network/libnetapi/DataRequest.cpp
@@ -39,8 +39,16 @@ BDataRequest::_ProtocolLoop()
        ssize_t length;
        bool isBase64 = false;
 
+       // The RFC has examples where some characters are URL-Encoded.
        fUrl.UrlDecode(true);
-       BString data = fUrl.Path();
+
+       // The RFC says this uses a nonstandard scheme, so the path, query and
+       // fragment are a bit nonsensical. It would be nice to handle them, but
+       // some software (eg. WebKit) relies on data URIs with embedded "#" char
+       // in the data...
+       BString data = fUrl.UrlString();
+       data.Remove(0, 5); // remove "data:"
+
        int separatorPosition = data.FindFirst(',');
 
        if (fListener != NULL)

############################################################################

Revision:    hrev47610
Commit:      f0245dc22552eb88a8ee73b2f76046f7eea5aedb
URL:         http://cgit.haiku-os.org/haiku/commit/?id=f0245dc
Author:      Adrien Destugues <pulkomandy@xxxxxxxxxxxxx>
Date:        Fri Aug  1 07:31:58 2014 UTC

Replace broken curl and ca_root_certificates

* Remove unneeded path mashup in curl to find the ca_root_certificates
and use the file in .self/data/ssl. This makes it possible to rename the
package providing ca_root_certificates without everything exploding.
* Use a certificate file in the format cURL expects, not Mozilla source
file in NSS format.

----------------------------------------------------------------------------

diff --git a/build/jam/repositories/HaikuPorts/x86_gcc2 
b/build/jam/repositories/HaikuPorts/x86_gcc2
index a99da06..124721b 100644
--- a/build/jam/repositories/HaikuPorts/x86_gcc2
+++ b/build/jam/repositories/HaikuPorts/x86_gcc2
@@ -4,7 +4,7 @@ RemotePackageRepository HaikuPorts
        :
        # architecture "any" packages
        be_book-2008_10_26-1
-       ca_root_certificates-2014_04_08-1
+       ca_root_certificates-2014_04_08-2
        docbook_xml_dtd-4.5-1
        docbook_xsl_stylesheets-1.78.1-1
        openttd_gfx-0.4.7-1
@@ -46,8 +46,8 @@ RemotePackageRepository HaikuPorts
        cdrtools-3.01~a18-1
        cdrtools_devel-3.01~a18-1
        ctags-5.8-3
-       curl-7.35.0-1
-       curl_devel-7.35.0-1
+       curl-7.37.0-2
+       curl_devel-7.37.0-2
        cvs-1.12.13.1-6
        distcc-3.1-2
        dmidecode-2.12-2


Other related posts: