diff options
author | Michael Catanzaro <mcatanzaro@redhat.com> | 2022-06-09 16:28:32 -0500 |
---|---|---|
committer | Michael Catanzaro <mcatanzaro@redhat.com> | 2022-06-28 15:28:22 -0500 |
commit | 1adc2abba4aed5d9a9ed9efaca1d7a67b42b021c (patch) | |
tree | 4d66fe892fb9d4547ffc01486dcc1dabb4d5ae86 | |
parent | 3f1254a8d0ed55a4922adfa54c8140d22bd1b70c (diff) | |
download | glib-networking-1adc2abba4aed5d9a9ed9efaca1d7a67b42b021c.tar.gz |
genvironmentproxyresolver: validate environment variable values
Instead of blindly trusting the environment, let's make sure we have
actually received proper URLs. An empty string will be assumed to mean
"no proxy, please." Any empty environment variable will still cause all
GNOME proxy settings to be ignored, because you might want to use an
empty environment variable to temporarily suppress use of GNOME proxy
settings without messing with XDG_CURRENT_DESKTOP.
Helps with glib#2597
Fixes #189
Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/212>
-rw-r--r-- | proxy/environment/genvironmentproxyresolver.c | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/proxy/environment/genvironmentproxyresolver.c b/proxy/environment/genvironmentproxyresolver.c index d15e459..cfbdbb8 100644 --- a/proxy/environment/genvironmentproxyresolver.c +++ b/proxy/environment/genvironmentproxyresolver.c @@ -118,11 +118,34 @@ g_environment_proxy_resolver_finalize (GObject *object) G_OBJECT_CLASS (g_environment_proxy_resolver_parent_class)->finalize (object); } +static const char * +validate_proxy_envvar (const char *var) +{ + const char *url; + GError *error = NULL; + + if ((url = g_getenv (var))) + { + /* Empty strings mean no proxy. */ + if (*url == '\0') + return NULL; + + if (g_uri_is_valid (url, G_URI_FLAGS_NONE, &error)) + return url; + + g_warning ("Environment variable %s specifies invalid proxy URL %s: %s", var, url, error->message); + g_error_free (error); + } + + return NULL; +} + static void g_environment_proxy_resolver_init (GEnvironmentProxyResolver *resolver) { char **ignore_hosts = NULL; const char *default_proxy = NULL; + const char *url; if (g_getenv ("no_proxy")) ignore_hosts = g_strsplit (g_getenv ("no_proxy"), ",", -1); @@ -134,24 +157,23 @@ g_environment_proxy_resolver_init (GEnvironmentProxyResolver *resolver) * This matches the behavior of libproxy's environment variable module, or * GNOME's use-same-proxy setting. */ - if (g_getenv ("http_proxy")) - default_proxy = g_getenv ("http_proxy"); - else if (g_getenv ("HTTP_PROXY")) - default_proxy = g_getenv ("HTTP_PROXY"); + if ((url = validate_proxy_envvar ("http_proxy"))) + default_proxy = url; + else if ((url = validate_proxy_envvar ("HTTP_PROXY"))) + default_proxy = url; resolver->base_resolver = g_simple_proxy_resolver_new (default_proxy, ignore_hosts); + g_strfreev (ignore_hosts); - if (g_getenv ("ftp_proxy")) - g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "ftp", g_getenv ("ftp_proxy")); - else if (g_getenv ("FTP_PROXY")) - g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "ftp", g_getenv ("FTP_PROXY")); - - if (g_getenv ("https_proxy")) - g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "https", g_getenv ("https_proxy")); - else if (g_getenv ("HTTPS_PROXY")) - g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "https", g_getenv ("HTTPS_PROXY")); + if ((url = validate_proxy_envvar ("ftp_proxy"))) + g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "ftp", url); + else if ((url = validate_proxy_envvar ("FTP_PROXY"))) + g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "ftp", url); - g_strfreev (ignore_hosts); + if ((url = validate_proxy_envvar ("https_proxy"))) + g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "https", url); + else if ((url = validate_proxy_envvar ("HTTPS_PROXY"))) + g_simple_proxy_resolver_set_uri_proxy (G_SIMPLE_PROXY_RESOLVER (resolver->base_resolver), "https", url); } static void |