author | Giuseppe Castagno <giuseppe.castagno@acca-esse.eu> | 2016-08-11 22:20:46 +0200 |
---|---|---|
committer | Giuseppe Castagno <giuseppe.castagno@acca-esse.eu> | 2016-08-12 06:41:06 +0000 |
commit | 18009fe8fbe3982141ddca3f1fcd0900a63150a6 (patch) | |
tree | 10c557b41b770165a10dcb2b433b7e0a97a1f5ae /ucb | |
parent | 8fb3e7971c52a13c2e8adf425ca02a13ea2e45c2 (diff) |
Related: tdf#99499, add a limit to the number of http redirections
Check for maximum number of redirections according to
<https://tools.ietf.org/html/rfc7231#section-6.4>.
A practical limit can be 5, as suggested by the older RFC:
<https://tools.ietf.org/html/rfc2068#section-10.3>; this limit is
also mentioned in more recent RFCs, see the final paragraph of RFC7231, 6.4.
Change-Id: I2b394ef8d1ef391a527df349aa749819c496657b
Reviewed-on: https://gerrit.libreoffice.org/28066
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Giuseppe Castagno <giuseppe.castagno@acca-esse.eu>
Diffstat (limited to 'ucb')
-rw-r--r-- | ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx | 19 | ||||
-rw-r--r-- | ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx | 1 | ||||
-rw-r--r-- | ucb/source/ucp/webdav-neon/webdavcontent.cxx | 4 |
3 files changed, 21 insertions, 3 deletions
diff --git a/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx b/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx index 51feef68cf7b..026186db347e 100644 --- a/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx +++ b/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx @@ -133,7 +133,8 @@ DAVResourceAccess::DAVResourceAccess( const OUString & rURL ) : m_aURL( rURL ), m_xSessionFactory( rSessionFactory ), - m_xContext( rxContext ) + m_xContext( rxContext ), + m_nRedirectLimit( 5 ) { } @@ -145,7 +146,8 @@ DAVResourceAccess::DAVResourceAccess( const DAVResourceAccess & rOther ) m_xSession( rOther.m_xSession ), m_xSessionFactory( rOther.m_xSessionFactory ), m_xContext( rOther.m_xContext ), - m_aRedirectURIs( rOther.m_aRedirectURIs ) + m_aRedirectURIs( rOther.m_aRedirectURIs ), + m_nRedirectLimit( rOther.m_nRedirectLimit ) { } @@ -160,6 +162,7 @@ DAVResourceAccess & DAVResourceAccess::operator=( m_xSessionFactory = rOther.m_xSessionFactory; m_xContext = rOther.m_xContext; m_aRedirectURIs = rOther.m_aRedirectURIs; + m_nRedirectLimit = rOther.m_nRedirectLimit; return *this; } @@ -1140,7 +1143,7 @@ void DAVResourceAccess::getUserRequestHeaders( DAVRequestHeader( "User-Agent", "LibreOffice" ) ); } - +// This function member implements the control on cyclical redirections bool DAVResourceAccess::detectRedirectCycle( const OUString& rRedirectURL ) throw ( DAVException ) 
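Review bot: The limit is a bare `5` in the first constructor's initializer list (`m_nRedirectLimit( 5 )`), and nothing in this commit ever assigns it a different value. The per-instance member therefore only adds state that the copy-constructor and `operator=` hunks on this line, and the `DAVResourceAccess.hxx` hunk, have to keep in sync. A single named constant, for example `static const sal_uInt32 g_nRedirectLimit = 5;` in DAVResourceAccess.cxx, would document the value once and remove the three copies. If the member is kept because the limit is meant to become configurable, say so in a comment on its declaration, e.g. `// maximum number of HTTP redirections followed before giving up`. The constructor bodies begin outside these hunks.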
@@ -1152,8 +1155,18 @@ bool DAVResourceAccess::detectRedirectCycle( std::vector< NeonUri >::const_iterator it = m_aRedirectURIs.begin(); std::vector< NeonUri >::const_iterator end = m_aRedirectURIs.end(); + // Check for maximum number of redirections + // according to <https://tools.ietf.org/html/rfc7231#section-6.4>. + // A pratical limit may be 5, due to earlier specifications: + // <https://tools.ietf.org/html/rfc2068#section-10.3> + // it can be raised keeping in mind the added net activity. + if( static_cast< size_t >( m_nRedirectLimit ) <= m_aRedirectURIs.size() ) + return true; + + // try to detect a cyclical redirection while ( it != end ) { + // if equal, cyclical redirection detected if ( aUri == (*it) ) return true; diff --git a/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx b/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx index 503c1befe91e..96b308d3c487 100644 --- a/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx +++ b/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx @@ -62,6 +62,7 @@ class DAVResourceAccess rtl::Reference< DAVSessionFactory > m_xSessionFactory; css::uno::Reference< css::uno::XComponentContext > m_xContext; std::vector< NeonUri > m_aRedirectURIs; + sal_uInt32 m_nRedirectLimit; public: DAVResourceAccess( const css::uno::Reference< css::uno::XComponentContext > & rxContext, diff --git a/ucb/source/ucp/webdav-neon/webdavcontent.cxx b/ucb/source/ucp/webdav-neon/webdavcontent.cxx index ca4531d402cb..9cada129c7a5 100644 --- a/ucb/source/ucp/webdav-neon/webdavcontent.cxx +++ b/ucb/source/ucp/webdav-neon/webdavcontent.cxx 
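Review bot: In the check added to `detectRedirectCycle`, `return true` now means either "this URL was already visited" or "the redirect limit was hit", so callers and logs cannot tell a loop from a long chain of distinct URLs. The limit is the only control here against a server that keeps issuing non-repeating redirects, so it is worth recording when it fires, e.g. `SAL_WARN( "ucb.ucp.webdav", "redirect limit reached after " << m_aRedirectURIs.size() << " redirections" );` before the return. The count is taken from `m_aRedirectURIs.size()`, so the limit is per request only if that vector is cleared when a new request starts; the reset is outside this hunk and should be confirmed. The comment typo `pratical` should read `practical`. The function body starts and ends outside the hunk.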
@@ -3919,6 +3919,10 @@ void Content::getResourceOptions( } } break; + // The 'DAVException::DAV_HTTP_REDIRECT' means we reached the maximum + // number of redirections, consider the resource type as UNKNOWN + // possibly a normal web site, not DAV + case DAVException::DAV_HTTP_REDIRECT: default: // leave the resource type as UNKNOWN, for now // it means this will be managed as a standard http site SAL_WARN( "ucb.ucp.webdav","OPTIONS - DAVException for URL <" << m_xIdentifier->getContentIdentifier() << ">, DAV error: " |
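Review bot: The added `case DAVException::DAV_HTTP_REDIRECT:` sits directly above `default:` with no statements of its own, so it reaches the branch it would have reached anyway; the label only documents the case. Its comment says the status means the maximum number of redirections was reached, but the same result presumably also arrives when `detectRedirectCycle` finds a repeated URL. The comment should name both, e.g. `// DAV_HTTP_REDIRECT here: redirect limit reached or redirect cycle detected`. Since the resource is then handled as a plain web site, confirm that later requests to the same URL do not walk the same redirect chain again on every access. The enclosing switch and function extend outside the hunk.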