[vlc-devel] [PATCH] url: fix vlc_UrlParse for smb/nfs/ftp/sftp

Thomas Guillem thomas at gllm.fr
Mon Dec 4 17:28:13 CET 2017 


On Mon, Dec 4, 2017, at 17:16, Rémi Denis-Courmont wrote:
> Le maanantaina 4. joulukuuta 2017, 16.52.17 EET Francois Cartegnie a
> écrit :
> > Le 04/12/2017 à 16:22, Rémi Denis-Courmont a écrit :
> > > Even filtering by protocol is problematic. For instance, an FTP URL can be
> > > routed through an HTTP proxy, so must follow same rules. Also the generic
> > > resolver function assume HTTP syntax.
> > I still don't see what the requirement is since
> > "HTTP proxies may receive requests for URIs not defined by RFC 1738"
> 
> I doubt that all popula HTTP proxies will handle a whitespace in the URL
> of 
> the HTTP request line.
> 
> > we still need to parse/validate contextually, according to
> > scheme/protocol reserved set, on use.
> 
> That sounds like a nightmare from security and stability point of view. I 
> think that we have no reasonable ways to ascertain the expectations of
> each 
> and every combination of scheme and use site, even less to maintain them
> as 
> the code and underlying lirbaries evolve.
> 
> Regardless, I don't really see what you are hoping to achieve with
> scheme-
> dependent parsing...
> Is there any location for the affected schemes (FTP/S/ES, NFS, SFTP and
> SMB) 
> that can be represented with the patch and cannot be represented in any
> way 
> without the patch? It sure does not look like that to me. Likewise, it
> does 
> not look like any URL that this patch accepts could not be fixed properly
> in 
> vlc_uri_fixup() instead.
> 
> Of course, the parser and the resolver definitely wouldn´t work for
> VLC-custom 
> capture device MRLs and the like. That was never intended to work either. 
> Unfortunately, that means fixing or validating URLs systematically at
> input 
> item level is impossible.

So you are saying we should use vlc_uri_fixup() from SMB/FTP/SFTP
modules before calling vlc_UrlParse. I'm OK with that but I don't get it
when you say "context-sensitive (not protocol-dependent!)". I would have
fixed vlc_uri_fixup by allowing more characters for the path depending
of the uri scheme.

> 
> -- 
> 雷米‧德尼-库尔蒙
> https://www.remlab.net/
> 
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel

More information about the vlc-devel mailing list