Bug 217723

Summary:

[patch] libfetch parses IPv6 addresses incorrectly

Product:

Base System

Reporter:

Dag-Erling Smørgrav <des>

Component:

bin

Assignee:

Dag-Erling Smørgrav <des>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

bapt, bz, cem, ngie

Priority:

---

Keywords:

patch

Version:

CURRENT

Flags:

des: mfc-stable11+
des: mfc-stable10+

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
Rewrite host parser	none

Description Dag-Erling Smørgrav freebsd_committer

2017-03-12 13:09:16 UTC

Created attachment 180744 [details]
Rewrite host parser

fetch_resolve() in lib/libfetch/common.c uses strchr() to split the host argument into host name and service name or port number.  Obviously, this fails for IPv6 addresses.  Rewrite the code to handle IP literals (bracketed addresses) correctly and remove similar and now redundant code from fetch.c.

Comment 1 Dag-Erling Smørgrav freebsd_committer

2017-03-12 13:28:37 UTC

I forgot to mention that the patch also fixes an off-by-one bug that causes HTTP 400 BAD REQUEST errors to be treated as redirects (which then fail for lack of a target).

Comment 2 commit-hook freebsd_committer

2017-03-17 14:19:35 UTC

A commit references this bug:

Author: des
Date: Fri Mar 17 14:18:52 UTC 2017
New revision: 315455
URL: https://svnweb.freebsd.org/changeset/base/315455

Log:
  r308996 broke IP literals by assuming that a colon could only occur as
  a separator between host and port, and using strchr() to search for it.
  Rewrite fetch_resolve() so it handles bracketed literals correctly, and
  remove similar code elsewhere to avoid passing unbracketed literals to
  fetch_resolve().  Remove #ifdef INET6 so we still parse IP literals
  correctly even if we do not have the ability to connect to them.

  While there, fix an off-by-one error which caused HTTP 400 errors to be
  misinterpreted as redirects.

  PR:		217723
  MFC after:	1 week
  Reported by:	bapt, bz, cem, ngie

Changes:
  head/lib/libfetch/common.c
  head/lib/libfetch/fetch.c
  head/lib/libfetch/http.c

Comment 3 commit-hook freebsd_committer

2017-03-24 14:20:24 UTC

A commit references this bug:

Author: des
Date: Fri Mar 24 14:19:53 UTC 2017
New revision: 315902
URL: https://svnweb.freebsd.org/changeset/base/315902

Log:
  MFH (r313974,r314596): open .netrc early in case we want to drop privs
  MFH (r314396,r315143): fix a crash caused by an incorrect format string
  MFH (r314701): fix handling of 416 errors when requesting a range
  MFH (r315455): fix parsing of IP literals (square brackets)

  PR:		212065, 217723

Changes:
_U  stable/11/
  stable/11/lib/libfetch/common.c
  stable/11/lib/libfetch/common.h
  stable/11/lib/libfetch/fetch.c
  stable/11/lib/libfetch/fetch.h
  stable/11/lib/libfetch/http.c

Comment 4 commit-hook freebsd_committer

2017-03-24 14:26:35 UTC

A commit references this bug:

Author: des
Date: Fri Mar 24 14:26:01 UTC 2017
New revision: 315904
URL: https://svnweb.freebsd.org/changeset/base/315904

Log:
  MFH (r313974,r314596): open .netrc early in case we want to drop privs
  MFH (r314396,r315143): fix a crash caused by an incorrect format string
  MFH (r314701): fix handling of 416 errors when requesting a range
  MFH (r315455): fix parsing of IP literals (square brackets)

  PR:		212065, 217723

Changes:
_U  stable/10/
  stable/10/lib/libfetch/common.c
  stable/10/lib/libfetch/common.h
  stable/10/lib/libfetch/fetch.c
  stable/10/lib/libfetch/fetch.h
  stable/10/lib/libfetch/http.c