aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2019-09-23 17:23:54 +0200
committerFlorian Dold <florian.dold@gmail.com>2019-09-23 17:23:54 +0200
commit5e859bae099245af0b9a95b6c45059863153b95f (patch)
tree9fd8281728f111ee40774ee808de3694cab2a8a9
parent389b5de09dc3720c22ac86d5cad4c1495fc5be58 (diff)
downloadexchange-5e859bae099245af0b9a95b6c45059863153b95f.tar.gz
exchange-5e859bae099245af0b9a95b6c45059863153b95f.zip
make URL joining more restrictive to avoid mistakes
-rw-r--r--src/util/test_url.c10
-rw-r--r--src/util/util.c9
2 files changed, 12 insertions, 7 deletions
diff --git a/src/util/test_url.c b/src/util/test_url.c
index 59a5e3fa7..f6aab0dc7 100644
--- a/src/util/test_url.c
+++ b/src/util/test_url.c
@@ -51,12 +51,8 @@ main (int argc,
51 51
52 cf (TALER_url_join ("https://taler.net/", "foo", NULL), 52 cf (TALER_url_join ("https://taler.net/", "foo", NULL),
53 "https://taler.net/foo"); 53 "https://taler.net/foo");
54 cf (TALER_url_join ("https://taler.net", "foo", NULL), 54 cf (TALER_url_join ("https://taler.net/", "foo", NULL),
55 "https://taler.net/foo");
56 cf (TALER_url_join ("https://taler.net/", "/foo", NULL),
57 "https://taler.net/foo"); 55 "https://taler.net/foo");
58 cf (TALER_url_join ("https://taler.net/", "/foo/", NULL),
59 "https://taler.net/foo/");
60 56
61 cf (TALER_url_join ("https://taler.net/", "foo", "x", "42", NULL), 57 cf (TALER_url_join ("https://taler.net/", "foo", "x", "42", NULL),
62 "https://taler.net/foo?x=42"); 58 "https://taler.net/foo?x=42");
@@ -67,11 +63,11 @@ main (int argc,
67 cf (TALER_url_join ("https://taler.net/", "foo", "x", "", "y", "1", NULL), 63 cf (TALER_url_join ("https://taler.net/", "foo", "x", "", "y", "1", NULL),
68 "https://taler.net/foo?x=&y=1"); 64 "https://taler.net/foo?x=&y=1");
69 65
70 cf (TALER_url_join ("https://taler.net", "foo/bar", "x", "a&b", NULL), 66 cf (TALER_url_join ("https://taler.net/", "foo/bar", "x", "a&b", NULL),
71 "https://taler.net/foo/bar?x=a%26b"); 67 "https://taler.net/foo/bar?x=a%26b");
72 68
73 /* Path component is not encoded! */ 69 /* Path component is not encoded! */
74 cf (TALER_url_join ("https://taler.net", "foo/bar?spam=eggs&quux=", NULL), 70 cf (TALER_url_join ("https://taler.net/", "foo/bar?spam=eggs&quux=", NULL),
75 "https://taler.net/foo/bar?spam=eggs&quux="); 71 "https://taler.net/foo/bar?spam=eggs&quux=");
76 72
77 cf (TALER_url_absolute_raw ("https", "taler.net", "foo/bar", "baz", 73 cf (TALER_url_absolute_raw ("https", "taler.net", "foo/bar", "baz",
diff --git a/src/util/util.c b/src/util/util.c
index 75ace4dcf..027daf427 100644
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -300,6 +300,15 @@ TALER_url_join (const char *base_url,
300 va_list args; 300 va_list args;
301 301
302 GNUNET_assert (NULL != res); 302 GNUNET_assert (NULL != res);
303 GNUNET_assert (NULL != base_url);
304 GNUNET_assert (NULL != path);
305 GNUNET_assert (strlen (base_url) > 0);
306
307 // Must be an actual base URL!
308 GNUNET_assert ('/' == base_url[strlen (base_url) - 1]);
309
310 // Path must be relative to existing path of base URL
311 GNUNET_assert ('/' != path[0]);
303 312
304 grow_string (&res, base_url, &n); 313 grow_string (&res, base_url, &n);
305 314