Mailing List Archive

On Wed, Aug 17, 2022 at 02:05:09PM +0100, Joe Orton wrote:
> On Fri, Nov 12, 2021 at 06:12:58PM -0000, ylavic@apache.org wrote:
> > Author: ylavic
> > Date: Fri Nov 12 18:12:58 2021
> > New Revision: 1894982
> >
> > URL: http://svn.apache.org/viewvc?rev=1894982&view=rev
> > Log:
> > apreq_header_attribute: Search for the exact attribute name.
> >
> > Improve the parsing of the header attributes such that we don't match any
> > special character before that attribute name (e.g. "(boundary=") or let
> > forbidden characters unnoticed.

Yann, it appears this change is also breaking the "params" test case in
the apreq test suite. A test is trying to parse a content-type like
header:

https://svn.apache.org/viewvc/httpd/apreq/trunk/library/t/params.c?revision=1903492&view=markup#l100

it fails when reaching the '/' in "text/plain" which is a non-token
character:

default:
/* The name is a token */
if (!IS_TOKEN_CHAR(*hde))
return APREQ_ERROR_BADCHAR;

Unless this is an invalid use case (the test case implies otherwise)
this seems like a regression as well?

Regrads, Joe

On Wed, Aug 17, 2022 at 3:05 PM Joe Orton <jorton@redhat.com> wrote:
>
> This is an infinite loop. The libapreq test suite is spinning here,
> "make test" from apreq trunk.

Indeed, should be fixed in r1903495.

Thanks;
Yann.

On Wed, Aug 17, 2022 at 3:40 PM Joe Orton <jorton@redhat.com> wrote:
>
> On Wed, Aug 17, 2022 at 02:05:09PM +0100, Joe Orton wrote:
> > On Fri, Nov 12, 2021 at 06:12:58PM -0000, ylavic@apache.org wrote:
> > > Author: ylavic
> > > Date: Fri Nov 12 18:12:58 2021
> > > New Revision: 1894982
> > >
> > > URL: http://svn.apache.org/viewvc?rev=1894982&view=rev
> > > Log:
> > > apreq_header_attribute: Search for the exact attribute name.
> > >
> > > Improve the parsing of the header attributes such that we don't match any
> > > special character before that attribute name (e.g. "(boundary=") or let
> > > forbidden characters unnoticed.
>
> Yann, it appears this change is also breaking the "params" test case in
> the apreq test suite. A test is trying to parse a content-type like
> header:
>
> https://svn.apache.org/viewvc/httpd/apreq/trunk/library/t/params.c?revision=1903492&view=markup#l100
>
> it fails when reaching the '/' in "text/plain" which is a non-token
> character:
>
> default:
> /* The name is a token */
> if (!IS_TOKEN_CHAR(*hde))
> return APREQ_ERROR_BADCHAR;
>
> Unless this is an invalid use case (the test case implies otherwise)
> this seems like a regression as well?

I fixed it in r1903496 by requiring that the name in a name=value pair
only be a token, with no equal sign the attribute is a value only.


Regards;
Yann.

On Wed, Aug 17, 2022 at 06:17:23PM +0200, Yann Ylavic wrote:
> I fixed it in r1903496 by requiring that the name in a name=value pair
> only be a token, with no equal sign the attribute is a value only.

Thanks a lot for committing all the fixes, test suite is passing here
now.

Regards, Joe