1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
From: Georges Basile Stavracas Neto <georges.stavracas@gmail.com>
Subject: Test URI before discovery
Bug: https://gitlab.gnome.org/GNOME/gnome-calendar/-/issues/794
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033239
Origin: https://gitlab.gnome.org/GNOME/gnome-calendar/-/commit/0322bcf54cf1fc37ff74b87fd36e282dc1cf7863
Index: gnome-calendar-43.1/src/utils/gcal-source-discoverer.c
===================================================================
--- gnome-calendar-43.1.orig/src/utils/gcal-source-discoverer.c
+++ gnome-calendar-43.1/src/utils/gcal-source-discoverer.c
@@ -183,6 +183,26 @@ is_authentication_error (gint code)
return FALSE;
}
+static GUri *
+create_and_validate_uri (const gchar *uri,
+ GError **error)
+{
+ g_autoptr (GUri) guri = NULL;
+
+ guri = g_uri_parse (uri, SOUP_HTTP_URI_FLAGS | G_URI_FLAGS_PARSE_RELAXED, error);
+
+ if (!guri)
+ GCAL_RETURN (NULL);
+
+ if (!g_uri_get_host (guri) || g_uri_get_host (guri)[0] == '\0')
+ {
+ g_set_error (error, G_URI_ERROR, G_URI_ERROR_FAILED, "Invalid URI");
+ return NULL;
+ }
+
+ return g_steal_pointer (&guri);
+}
+
/*
* Callbacks
@@ -221,7 +241,7 @@ discover_file_in_thread (DiscovererData
GCAL_ENTRY;
- guri = g_uri_parse (data->uri, SOUP_HTTP_URI_FLAGS | G_URI_FLAGS_PARSE_RELAXED, NULL);
+ guri = create_and_validate_uri (data->uri, error);
if (!guri)
GCAL_RETURN (NULL);
@@ -277,6 +297,7 @@ discover_webdav_in_thread (DiscovererDat
g_autoptr (ESource) source = NULL;
g_autoptr (GError) local_error = NULL;
g_autofree gchar *certificate_pem = NULL;
+ g_autoptr (GUri) guri = NULL;
GTlsCertificateFlags flags;
GSList *discovered_sources = NULL;
GSList *user_addresses = NULL;
@@ -284,6 +305,11 @@ discover_webdav_in_thread (DiscovererDat
GCAL_ENTRY;
+ guri = create_and_validate_uri (data->uri, error);
+
+ if (!guri)
+ GCAL_RETURN (NULL);
+
credentials = e_named_parameters_new ();
e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_USERNAME, data->username);
e_named_parameters_set (credentials, E_SOURCE_CREDENTIAL_PASSWORD, data->password);
Index: gnome-calendar-43.1/tests/test-discoverer.c
===================================================================
--- gnome-calendar-43.1.orig/tests/test-discoverer.c
+++ gnome-calendar-43.1/tests/test-discoverer.c
@@ -82,6 +82,43 @@ discoverer_file (void)
/*********************************************************************************************************************/
+static void
+discoverer_invalid_https_only_cb (GObject *source_object,
+ GAsyncResult *result,
+ gpointer user_data)
+{
+ g_autoptr (GPtrArray) sources = NULL;
+ g_autoptr (GError) error = NULL;
+ GMainLoop *mainloop = user_data;
+
+ sources = gcal_discover_sources_from_uri_finish (result, &error);
+ g_assert_error (error, G_URI_ERROR, G_URI_ERROR_FAILED);
+ g_assert_null (sources);
+
+ g_main_loop_quit (mainloop);
+}
+
+static void
+discoverer_invalid_https_only (void)
+{
+ g_autoptr (GMainLoop) mainloop = NULL;
+
+ g_test_bug ("794");
+
+ mainloop = g_main_loop_new (NULL, FALSE);
+
+ gcal_discover_sources_from_uri ("https://",
+ NULL,
+ NULL,
+ NULL,
+ discoverer_invalid_https_only_cb,
+ mainloop);
+
+ g_main_loop_run (mainloop);
+}
+
+/*********************************************************************************************************************/
+
#if 0
static void
@@ -183,6 +220,7 @@ main (gint argc,
g_test_init (&argc, &argv, NULL);
g_test_add_func ("/discoverer/file", discoverer_file);
+ g_test_add_func ("/discoverer/invalid-https-only", discoverer_invalid_https_only);
//g_test_add_func ("/discoverer/webdav/unauthorized", discoverer_webdav_unauthorized);
return g_test_run ();
|
