From 18009fe8fbe3982141ddca3f1fcd0900a63150a6 Mon Sep 17 00:00:00 2001
From: Giuseppe Castagno
Date: Thu, 11 Aug 2016 22:20:46 +0200
Subject: Related: tdf#99499, add a limit to the number of http redirections

Check for maximum number of redirections according to . A practical limit can be 5, due to old RFC: , this limit is reported also in more recent RFCs, see final paragraph of RFC7231, 6.4.

Change-Id: I2b394ef8d1ef391a527df349aa749819c496657b
Reviewed-on: https://gerrit.libreoffice.org/28066
Tested-by: Jenkins
Reviewed-by: Giuseppe Castagno
---
ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx | 19 ++++++++++++++++---
ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx | 1 +
ucb/source/ucp/webdav-neon/webdavcontent.cxx | 4 ++++
3 files changed, 21 insertions(+), 3 deletions(-)
(limited to 'ucb')
diff --git a/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx b/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx
index 51feef68cf7b..026186db347e 100644
--- a/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx
+++ b/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx
@@ -133,7 +133,8 @@ DAVResourceAccess::DAVResourceAccess( const OUString & rURL ) : m_aURL( rURL ), m_xSessionFactory( rSessionFactory ), - m_xContext( rxContext ) + m_xContext( rxContext ), + m_nRedirectLimit( 5 ) { }
@@ -145,7 +146,8 @@ DAVResourceAccess::DAVResourceAccess( const DAVResourceAccess & rOther ) m_xSession( rOther.m_xSession ), m_xSessionFactory( rOther.m_xSessionFactory ), m_xContext( rOther.m_xContext ), - m_aRedirectURIs( rOther.m_aRedirectURIs ) + m_aRedirectURIs( rOther.m_aRedirectURIs ), + m_nRedirectLimit( rOther.m_nRedirectLimit ) { }
@@ -160,6 +162,7 @@ DAVResourceAccess & DAVResourceAccess::operator=( m_xSessionFactory = rOther.m_xSessionFactory; m_xContext = rOther.m_xContext; m_aRedirectURIs = rOther.m_aRedirectURIs; + m_nRedirectLimit = rOther.m_nRedirectLimit; return *this; }
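Review bot: The redirect ceiling enters the class as a bare literal in `m_nRedirectLimit( 5 )` in the first constructor hunk, so the one value that bounds how far a remote server can steer this client is neither named nor documented where it is set. I would name it next to the class, e.g. `static const sal_uInt32 g_nDefaultRedirectLimit = 5;`, and initialise with `m_nRedirectLimit( g_nDefaultRedirectLimit )`, adding a one-line comment that says whether the count includes the initial URL. Nothing in the visible diff changes the member after construction, so the per-instance copies in the copy-constructor and operator= hunks may be unnecessary if the limit is meant to be fixed. The constructor itself starts outside the hunk.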
@@ -1140,7 +1143,7 @@ void DAVResourceAccess::getUserRequestHeaders( DAVRequestHeader( "User-Agent", "LibreOffice" ) ); } - +// This function member implements the control on cyclical redirections bool DAVResourceAccess::detectRedirectCycle( const OUString& rRedirectURL ) throw ( DAVException )
@@ -1152,8 +1155,18 @@ bool DAVResourceAccess::detectRedirectCycle( std::vector< NeonUri >::const_iterator it = m_aRedirectURIs.begin(); std::vector< NeonUri >::const_iterator end = m_aRedirectURIs.end(); + // Check for maximum number of redirections + // according to . + // A pratical limit may be 5, due to earlier specifications: + // + // it can be raised keeping in mind the added net activity. + if( static_cast< size_t >( m_nRedirectLimit ) <= m_aRedirectURIs.size() ) + return true; + + // try to detect a cyclical redirection while ( it != end ) { + // if equal, cyclical redirection detected if ( aUri == (*it) ) return true;
diff --git a/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx b/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx
index 503c1befe91e..96b308d3c487 100644
--- a/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx
+++ b/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx
@@ -62,6 +62,7 @@ class DAVResourceAccess rtl::Reference< DAVSessionFactory > m_xSessionFactory; css::uno::Reference< css::uno::XComponentContext > m_xContext; std::vector< NeonUri > m_aRedirectURIs; + sal_uInt32 m_nRedirectLimit; public: DAVResourceAccess( const css::uno::Reference< css::uno::XComponentContext > & rxContext,
diff --git a/ucb/source/ucp/webdav-neon/webdavcontent.cxx b/ucb/source/ucp/webdav-neon/webdavcontent.cxx
index ca4531d402cb..9cada129c7a5 100644
--- a/ucb/source/ucp/webdav-neon/webdavcontent.cxx
+++ b/ucb/source/ucp/webdav-neon/webdavcontent.cxx
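Review bot: In detectRedirectCycle the new early `return true` makes "limit reached" indistinguishable from "cycle detected", so the function name and the comment added in the preceding hunk (`// This function member implements the control on cyclical redirections`) no longer describe what callers get. I would reword that comment along the lines of `// Returns true when the redirect must not be followed: the redirect limit is reached or the URL was already visited`, and fix the typo `pratical` in the new block comment. The check compares against `m_aRedirectURIs.size()`, but where that vector is appended to and cleared lies outside the hunk. If it is not reset per request, five accumulated entries would make every later redirect on this object be refused, so that is worth confirming and stating in the comment. The function body continues outside the hunk.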
@@ -3919,6 +3919,10 @@ void Content::getResourceOptions( } } break; + // The 'DAVException::DAV_HTTP_REDIRECT' means we reached the maximum + // number of redirections, consider the resource type as UNKNOWN + // possibly a normal web site, not DAV + case DAVException::DAV_HTTP_REDIRECT: default: // leave the resource type as UNKNOWN, for now // it means this will be managed as a standard http site SAL_WARN( "ucb.ucp.webdav","OPTIONS - DAVException for URL <" << m_xIdentifier->getContentIdentifier() << ">, DAV error: " -- cgit
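Review bot: The added `case DAVException::DAV_HTTP_REDIRECT:` falls straight into `default:`, so it changes no behaviour and the comment above it is the whole change. That comment says the exception means the maximum number of redirections was reached, while detectRedirectCycle also returns true for a cyclical redirect, which presumably surfaces as the same exception. I would word it as `// DAV_HTTP_REDIRECT: redirect limit reached or redirect cycle detected; treat the resource type as UNKNOWN`. Because the resource is then handled as a plain HTTP site, the comment should also say whether later requests to it are bound by the same redirect limit. The switch starts and ends outside the hunk.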