* [PATCH] debuginfod-client: Stick to http:// + https:// + file:// protocols
@ 2021-10-15 13:25 Mark Wielaard
2021-10-18 11:35 ` Mark Wielaard
0 siblings, 1 reply; 2+ messages in thread
From: Mark Wielaard @ 2021-10-15 13:25 UTC (permalink / raw)
To: elfutils-devel; +Cc: Zbigniew Jędrzejewski-Szmek, Mark Wielaard
Make sure we don't use any of the more experimental protocols
libcurl might support. URLs can be redirected and we might want
to follow http -> https, but not e.g. gopher or pop3.
Suggested-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Mark Wielaard <mark@klomp.org>
---
debuginfod/ChangeLog | 5 +++++
debuginfod/debuginfod-client.c | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/debuginfod/ChangeLog b/debuginfod/ChangeLog
index de833f7f..a91749e7 100644
--- a/debuginfod/ChangeLog
+++ b/debuginfod/ChangeLog
@@ -1,3 +1,8 @@
+2021-10-15 Mark Wielaard <mark@klomp.org>
+
+ * debuginfod-client.c (debuginfod_query_server): Set
+ CURLOPT_PROTOCOLS.
+
2021-10-06 Di Chen <dichen@redhat.com>
PR28242
diff --git a/debuginfod/debuginfod-client.c b/debuginfod/debuginfod-client.c
index 88e45567..bd947ae4 100644
--- a/debuginfod/debuginfod-client.c
+++ b/debuginfod/debuginfod-client.c
@@ -973,6 +973,10 @@ debuginfod_query_server (debuginfod_client *c,
if (vfd >= 0)
dprintf (vfd, "url %d %s\n", i, data[i].url);
+ /* Only allow http:// + https:// + file:// so we aren't being
+ redirected to some unsupported protocol. */
+ curl_easy_setopt(data[i].handle, CURLOPT_PROTOCOLS,
+ CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FILE);
curl_easy_setopt(data[i].handle, CURLOPT_URL, data[i].url);
if (vfd >= 0)
curl_easy_setopt(data[i].handle, CURLOPT_ERRORBUFFER, data[i].errbuf);
--
2.18.4
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] debuginfod-client: Stick to http:// + https:// + file:// protocols
2021-10-15 13:25 [PATCH] debuginfod-client: Stick to http:// + https:// + file:// protocols Mark Wielaard
@ 2021-10-18 11:35 ` Mark Wielaard
0 siblings, 0 replies; 2+ messages in thread
From: Mark Wielaard @ 2021-10-18 11:35 UTC (permalink / raw)
To: elfutils-devel; +Cc: Zbigniew Jędrzejewski-Szmek
Hi,
On Fri, 2021-10-15 at 15:25 +0200, Mark Wielaard wrote:
> Make sure we don't use any of the more experimental protocols
> libcurl might support. URLs can be redirected and we might want
> to follow http -> https, but not e.g. gopher or pop3.
On irc Frank said he didn't have any objections to this, so pushed.
Cheers,
Mark
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-10-18 11:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-15 13:25 [PATCH] debuginfod-client: Stick to http:// + https:// + file:// protocols Mark Wielaard
2021-10-18 11:35 ` Mark Wielaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).