You are viewing a plain text version of this content. The canonical link for it is here.
Posted to test-cvs@httpd.apache.org by ja...@apache.org on 2002/09/06 11:35:56 UTC
cvs commit: httpd-test/flood flood_round_robin.c
jacekp 2002/09/06 02:35:56
Modified: flood flood_round_robin.c
Log:
Catch every possible flaw in URL.
Revision Changes Path
1.27 +13 -0 httpd-test/flood/flood_round_robin.c
Index: flood_round_robin.c
===================================================================
RCS file: /home/cvs/httpd-test/flood/flood_round_robin.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- flood_round_robin.c 1 Aug 2002 22:25:35 -0000 1.26
+++ flood_round_robin.c 6 Sep 2002 09:35:55 -0000 1.27
@@ -792,6 +792,19 @@
apr_file_printf (local_stderr, "Misformed URL '%s'\n", r->uri);
exit (APR_EGENERAL);
}
+ if (r->parsed_uri->hostname[0] == '\0') {
+ apr_file_printf (local_stderr, "Misformed URL '%s' -- can't find valid hostname.\n", r->uri);
+ exit (APR_EGENERAL);
+ }
+ /* this schouldn't be hardcoded, but... :) */
+ if (apr_strnatcmp (r->parsed_uri->scheme, "http") != APR_SUCCESS && apr_strnatcmp (r->parsed_uri->scheme, "https") != APR_SUCCESS) {
+ apr_file_printf (local_stderr, "Wrong URL scheme '%s' -- only 'http' and 'https' schemes are supported.\n", r->parsed_uri->scheme);
+ exit (APR_EGENERAL);
+ }
+ if (r->parsed_uri->user != NULL || r->parsed_uri->password != NULL) {
+ apr_file_printf (local_stderr, "Misformed URL -- auth data schould be outside URL -- please see docs.\n");
+ exit (APR_EGENERAL);
+ }
if (!r->parsed_uri->port)
{
r->parsed_uri->port =
Re: cvs commit: httpd-test/flood flood_round_robin.c
Posted by Justin Erenkrantz <je...@apache.org>.
On Fri, Sep 06, 2002 at 09:35:56AM -0000, jacekp@apache.org wrote:
> + if (r->parsed_uri->hostname[0] == '\0') {
> + apr_file_printf (local_stderr, "Misformed URL '%s' -- can't find valid hostname.\n", r->uri);
> + exit (APR_EGENERAL);
> + }
Watch out for long lines (per previous email) and there are no spaces
between a function name and its arguments: "apr_file_printf (" vs.
"apr_file_printf(". -- justin