From 5e859bae099245af0b9a95b6c45059863153b95f Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Mon, 23 Sep 2019 17:23:54 +0200 Subject: make URL joining more restrictive to avoid mistakes --- src/util/test_url.c | 10 +++------- src/util/util.c | 9 +++++++++ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/util/test_url.c b/src/util/test_url.c index 59a5e3fa7..f6aab0dc7 100644 --- a/src/util/test_url.c +++ b/src/util/test_url.c @@ -51,12 +51,8 @@ main (int argc, cf (TALER_url_join ("https://taler.net/", "foo", NULL), "https://taler.net/foo"); - cf (TALER_url_join ("https://taler.net", "foo", NULL), - "https://taler.net/foo"); - cf (TALER_url_join ("https://taler.net/", "/foo", NULL), + cf (TALER_url_join ("https://taler.net/", "foo", NULL), "https://taler.net/foo"); - cf (TALER_url_join ("https://taler.net/", "/foo/", NULL), - "https://taler.net/foo/"); cf (TALER_url_join ("https://taler.net/", "foo", "x", "42", NULL), "https://taler.net/foo?x=42"); @@ -67,11 +63,11 @@ main (int argc, cf (TALER_url_join ("https://taler.net/", "foo", "x", "", "y", "1", NULL), "https://taler.net/foo?x=&y=1"); - cf (TALER_url_join ("https://taler.net", "foo/bar", "x", "a&b", NULL), + cf (TALER_url_join ("https://taler.net/", "foo/bar", "x", "a&b", NULL), "https://taler.net/foo/bar?x=a%26b"); /* Path component is not encoded! */ - cf (TALER_url_join ("https://taler.net", "foo/bar?spam=eggs&quux=", NULL), + cf (TALER_url_join ("https://taler.net/", "foo/bar?spam=eggs&quux=", NULL), "https://taler.net/foo/bar?spam=eggs&quux="); cf (TALER_url_absolute_raw ("https", "taler.net", "foo/bar", "baz", diff --git a/src/util/util.c b/src/util/util.c index 75ace4dcf..027daf427 100644 --- a/src/util/util.c +++ b/src/util/util.c 
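Review bot: In the first test_url.c hunk, the added `cf (TALER_url_join ("https://taler.net/", "foo", NULL), "https://taler.net/foo");` repeats the context assertion directly above it with identical arguments, so it checks nothing new. Among the visible cases, the removed `"/foo/"` test was the only one covering a trailing slash on the path. A relative equivalent such as `cf (TALER_url_join ("https://taler.net/", "foo/", NULL), "https://taler.net/foo/");` would keep that coverage, assuming the join still preserves the trailing slash (the function body is not fully visible here). The enclosing main() starts and ends outside the hunk.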
@@ -300,6 +300,15 @@ TALER_url_join (const char *base_url, va_list args; GNUNET_assert (NULL != res); + GNUNET_assert (NULL != base_url); + GNUNET_assert (NULL != path); + GNUNET_assert (strlen (base_url) > 0); + + // Must be an actual base URL! + GNUNET_assert ('/' == base_url[strlen (base_url) - 1]); + + // Path must be relative to existing path of base URL + GNUNET_assert ('/' != path[0]); grow_string (&res, base_url, &n); -- cgit v1.2.3
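Review bot: The new preconditions on base_url and path are enforced with GNUNET_assert, which aborts the process on failure, so a base URL that lacks the trailing '/' becomes a crash rather than a recoverable error. If any caller passes a base URL taken from configuration or from a peer's response (callers are not visible in this hunk), that value should be validated where it enters the program, before it reaches TALER_url_join. The contract also belongs in the function's doc comment, e.g. `@param base_url absolute base URL, non-empty, must end with '/'` and `@param path relative path, must not start with '/'`. Minor: `strlen (base_url)` is evaluated twice; a local `size_t len = strlen (base_url);` would serve both checks. The body of TALER_url_join continues outside the hunk.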