SoupServer: reject non-HTTP URIs and URIs with no host

This prevents a critical warning and other misbehaviour in the
simple-httpd test, when using requests like "GET http: HTTP/1.0".

Bug: https://bugzilla.gnome.org/show_bug.cgi?id=667637
Bug-NB: NB#294977
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Dan Winship <danw@gnome.org>

diff --git a/libsoup/soup-message-server-io.c b/libsoup/soup-message-server-io.c
index 573fcaf..624fad6 100644 (file)
--- a/libsoup/soup-message-server-io.c
+++ b/libsoup/soup-message-server-io.c
@@ -94,8 +94,16 @@ parse_request_headers (SoupMessage *msg, char *headers, guint headers_len,
                uri = NULL;
 
        g_free (req_path);
-       if (!uri)
+
+       if (!SOUP_URI_VALID_FOR_HTTP (uri)) {
+               /* certainly not "a valid host on the server" (RFC2616 5.2.3)
+                * SOUP_URI_VALID_FOR_HTTP also guards against uri == NULL
+                */
+               if (uri)
+                       soup_uri_free (uri);
                return SOUP_STATUS_BAD_REQUEST;
+       }
+
        soup_message_set_uri (msg, uri);
        soup_uri_free (uri);