Remove internal_parse_url() from the library exports.

The only thing that main.c was really doing differently to the public
openconnect_parse_url() function was allowing 'urlpath' to be superseded
by the --usergroup command line argument. Which we can handle simply
by storing that in a separate variable and applying it afterwards.

The other thing it did differently was check that the scheme is https.
But openconnect_parse_url() arguably should have been doing that anyway.

Fix potential memory leak of old strings in openconnect_parse_url()
while we're at it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 0c79e00..c3365a6 100644 (file)
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -52,6 +52,5 @@ OPENCONNECT_PRIVATE {
        openconnect_SSL_printf;
        openconnect_version_str;
        openconnect_create_useragent;
-       internal_parse_url;
        report_ssl_errors;
 };

diff --git a/library.c b/library.c
index a4d44bd..4a90a6c 100644 (file)
--- a/library.c
+++ b/library.c
@@ -23,6 +23,7 @@
  */
 
 #include <string.h>
+#include <errno.h>
 
 #include "openconnect-internal.h"
 
@@ -189,13 +190,35 @@ void openconnect_reset_ssl (struct openconnect_info *vpninfo)
 
 int openconnect_parse_url (struct openconnect_info *vpninfo, char *url)
 {
+       char *scheme = NULL;
+       int ret;
+
        if (vpninfo->peer_addr) {
                free(vpninfo->peer_addr);
                vpninfo->peer_addr = NULL;
        }
 
-       return internal_parse_url (url, NULL, &vpninfo->hostname,
-                                  &vpninfo->port, &vpninfo->urlpath, 443);
+       free(vpninfo->hostname);
+       vpninfo->hostname = NULL;
+       free(vpninfo->urlpath);
+       vpninfo->urlpath = NULL;
+
+       ret = internal_parse_url (url, &scheme, &vpninfo->hostname,
+                                 &vpninfo->port, &vpninfo->urlpath, 443);
+
+       if (ret) {
+               vpn_progress(vpninfo, PRG_ERR,
+                            _("Failed to parse server URL '%s'\n"),
+                            url);
+               return ret;
+       }
+       if (scheme && strcmp(scheme, "https")) {
+               vpn_progress(vpninfo, PRG_ERR,
+                            _("Only https:// permitted for server URL\n"));
+               ret = -EINVAL;
+       }
+       free(scheme);
+       return ret;
 }
 
 void openconnect_set_cert_expiry_warning (struct openconnect_info *vpninfo,

diff --git a/main.c b/main.c
index 4d5c785..2b3e44a 100644 (file)
--- a/main.c
+++ b/main.c
@@ -366,6 +366,7 @@ int main(int argc, char **argv)
        struct sigaction sa;
        int cookieonly = 0;
        int use_syslog = 0;
+       char *urlpath = NULL;
        char *proxy = getenv("https_proxy");
        int autoproxy = 0;
        uid_t uid = getuid();
@@ -515,8 +516,8 @@ int main(int argc, char **argv)
                        vpninfo->deflate = 0;
                        break;
                case 'g':
-                       free(vpninfo->urlpath);
-                       vpninfo->urlpath = strdup(config_arg);
+                       free(urlpath);
+                       urlpath = strdup(config_arg);
                        break;
                case 'h':
                        usage();
@@ -678,27 +679,22 @@ int main(int argc, char **argv)
 
        if (!vpninfo->hostname) {
                char *url = strdup(argv[optind]);
-               char *scheme;
-               char *group;
 
-               if (internal_parse_url(url, &scheme, &vpninfo->hostname, &vpninfo->port,
-                             &group, 443)) {
-                       fprintf(stderr, _("Failed to parse server URL '%s'\n"),
-                               url);
+               if (openconnect_parse_url(vpninfo, url))
                        exit(1);
-               }
-               if (scheme && strcmp(scheme, "https")) {
-                       fprintf(stderr, _("Only https:// permitted for server URL\n"));
-                       exit(1);
-               }
-               if (group) {
-                       free(vpninfo->urlpath);
-                       vpninfo->urlpath = group;
-               }
-               free(scheme);
+
                free(url);
        }
 
+       /* Historically, the path in the URL superseded the one in the
+        * --usergroup argument, just because of the order in which they
+        * were processed. Preserve that behaviour. */
+       if (urlpath && !vpninfo->urlpath) {
+               vpninfo->urlpath = urlpath;
+               urlpath = NULL;
+       }
+       free(urlpath);
+
 #ifdef SSL_UI
        set_openssl_ui();
 #endif