[vlc-devel] [PATCH] url: fix vlc_UrlParse for smb/nfs/ftp/sftp

Thomas Guillem thomas at gllm.fr
Mon Dec 4 15:50:11 CET 2017 

Don't only authorize special characters allowed by the http protocol.
Fixes #18991
---
 src/text/url.c | 44 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 38 insertions(+), 6 deletions(-)

diff --git a/src/text/url.c b/src/text/url.c
index dc983c8861..93f4b10736 100644
--- a/src/text/url.c
+++ b/src/text/url.c
@@ -396,9 +396,25 @@ static bool vlc_uri_host_validate(const char *str)
     return vlc_uri_component_validate(str, ":");
 }
 
-static bool vlc_uri_path_validate(const char *str)
+static const struct scheme_pathextras
 {
-    return vlc_uri_component_validate(str, "/@:");
+    const char *scheme;
+    const char *pathextras;
+} scheme_pathextras_list[] = {
+    /* /!\ Alphabetical order /!\ */
+    { "ftp",    "/@: []{}", },
+    { "nfs",    "/@: []{}", },
+    { "sftp",   "/@: []{}", },
+    { "smb",    "/@ []{}", },
+    /* if no matches: allow characters specified by the http protocol. */
+};
+
+static int schemecmp(const void *vkey, const void *ventry)
+{
+    const struct scheme_pathextras *entry = ventry;
+    const char *key = vkey;
+
+    return strncmp(key, entry->scheme, strlen(entry->scheme));
 }
 
 int vlc_UrlParse(vlc_url_t *restrict url, const char *str)
@@ -547,11 +563,27 @@ int vlc_UrlParse(vlc_url_t *restrict url, const char *str)
         url->psz_path = cur;
     }
 
-    if (url->psz_path != NULL && !vlc_uri_path_validate(url->psz_path))
+    if (url->psz_path != NULL)
     {
-        url->psz_path = NULL;
-        errno = EINVAL;
-        ret = -1;
+        /* By default, only these specials characters are allowed in a path
+         * (http protocol) */
+        const char *pathextras = "/@:";
+
+        if (url->psz_protocol != NULL)
+        {
+            const struct scheme_pathextras *e =
+                bsearch(url->psz_protocol, scheme_pathextras_list,
+                        ARRAY_SIZE(scheme_pathextras_list),
+                        sizeof(scheme_pathextras_list[0]), schemecmp);
+            if (e != NULL)
+                pathextras = e->pathextras;
+        }
+        if (!vlc_uri_component_validate(url->psz_path, pathextras))
+        {
+            url->psz_path = NULL;
+            errno = EINVAL;
+            ret = -1;
+        }
     }
 
     return ret;
-- 
2.11.0

More information about the vlc-devel mailing list