From unknown Tue Jun 17 20:20:42 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#10109 <10109@debbugs.gnu.org> To: bug#10109 <10109@debbugs.gnu.org> Subject: Status: [PATCH] (web http): list-style headers do not validate Reply-To: bug#10109 <10109@debbugs.gnu.org> Date: Wed, 18 Jun 2025 03:20:42 +0000 retitle 10109 [PATCH] (web http): list-style headers do not validate reassign 10109 guile submitter 10109 Daniel Hartwig severity 10109 normal tag 10109 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 22 13:34:13 2011 Received: (at submit) by debbugs.gnu.org; 22 Nov 2011 18:34:13 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RSvAZ-0000UC-1O for submit@debbugs.gnu.org; Tue, 22 Nov 2011 13:34:12 -0500 Received: from mail-iy0-f172.google.com ([209.85.210.172]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RSuwo-00006m-Gt for submit@debbugs.gnu.org; Tue, 22 Nov 2011 13:20:00 -0500 Received: by iaeo4 with SMTP id o4so502873iae.3 for ; Tue, 22 Nov 2011 10:18:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=3BGiC8k+MsqtY6g8Z+KQWwSzD+0R3URu6Un4wBhFXFs=; b=mynEAEY+80Qk4sFL0O7epC+7m16C8OxnKk3dDlIK7+6eUzwtl3wFUg0KVI3xuAwauS IRWNTg5OtT0LOuO8ILzoVNgR6cFX7Ha8mv6EBPmB3XcS223YmAgl9nNgIv4EvYaxco17 IHG7I6U8aCq8nhV07FKOmpkvipfH45p2EaBNk= MIME-Version: 1.0 Received: by 10.50.242.1 with SMTP id wm1mr25181639igc.30.1321985917088; Tue, 22 Nov 2011 10:18:37 -0800 (PST) Received: by 10.231.166.69 with HTTP; Tue, 22 Nov 2011 10:18:36 -0800 (PST) Date: Wed, 23 Nov 2011 02:18:36 +0800 Message-ID: Subject: [PATCH] (web http): list-style headers do not validate From: Daniel Hartwig To: submit@debbugs.gnu.org Content-Type: multipart/mixed; boundary=f46d04479505fc743c04b256d482 X-Spam-Score: -3.6 (---) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 22 Nov 2011 13:34:09 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -3.6 (---) --f46d04479505fc743c04b256d482 Content-Type: text/plain; charset=ISO-8859-1 Package: guile Version: 2.0.3 Tags: patch Many of the list-style headers from (web http) do not validate correctly. The test suite only checks that the header's parse and does not test the associated validators. Attached is a very quick patch (0002) which exposes the failing validators through the test-suite: $ ./guile-test tests/web-http.test Running tests/web-http.test ... FAIL: tests/web-http.test: general headers: cache-control: "no-transform" -> (no-transform) FAIL: tests/web-http.test: general headers: cache-control: "no-transform,foo" -> (no-transform foo) FAIL: tests/web-http.test: general headers: cache-control: "no-cache" -> (no-cache) FAIL: tests/web-http.test: general headers: cache-control: "no-cache=\"Authorization, Date\"" -> ((no-cache authorization date)) FAIL: tests/web-http.test: general headers: cache-control: "private=\"Foo\"" -> ((private foo)) FAIL: tests/web-http.test: general headers: cache-control: "no-cache,max-age=10" -> (no-cache (max-age . 10)) FAIL: tests/web-http.test: general headers: pragma: "no-cache" -> (no-cache) FAIL: tests/web-http.test: general headers: pragma: "no-cache, foo" -> (no-cache foo) FAIL: tests/web-http.test: general headers: transfer-encoding: "foo, chunked" -> ((foo) (chunked)) FAIL: tests/web-http.test: entity headers: allow: "foo, bar" -> (foo bar) FAIL: tests/web-http.test: entity headers: content-encoding: "qux, baz" -> (qux baz) FAIL: tests/web-http.test: request headers: accept: "text/*;q=0.3, text/html;q=0.7, text/html;level=1" -> ((text/* (q . 300)) (text/html (q . 700)) (text/html (level . "1"))) FAIL: tests/web-http.test: request headers: authorization: "Basic foooo" -> (basic . "foooo") FAIL: tests/web-http.test: request headers: authorization: "Digest foooo" -> (digest foooo) FAIL: tests/web-http.test: request headers: expect: "100-continue, foo" -> ((#{100-continue}#) (foo)) FAIL: tests/web-http.test: request headers: proxy-authorization: "Basic foooo" -> (basic . "foooo") FAIL: tests/web-http.test: request headers: proxy-authorization: "Digest foooo" -> (digest foooo) FAIL: tests/web-http.test: request headers: te: "trailers" -> ((trailers)) FAIL: tests/web-http.test: request headers: te: "trailers,foo" -> ((trailers) (foo)) FAIL: tests/web-http.test: response headers: accept-ranges: "foo,bar" -> (foo bar) Totals for this test run: passes: 60 failures: 20 ... The other patch (0001) corrects `http.scm' for some typos and missing logic, after which the above failures no longer occur. $ ./guile-test tests/web-http.test Running tests/web-http.test ... Totals for this test run: passes: 80 failures: 0 ... 0001 (web http): fix validators for various list-style headers * module/web/http.scm (default-val-validator): Valid with no value. (key-value-list?): Keys are always symbols, do not accept strings. (validate-param-list): Apply `valid?' to list elements. (validate-credentials): Validate param for Basic scheme, which is parsed as a string. (declare-symbol-list-header!): `list-of?' args were in wrong order. ("Cache-Control"): Replace `default-val-validator' with more specific procedure. ("Accept"): Validate on first param which has no value. --- module/web/http.scm | 26 ++++++++++++++++++-------- 1 files changed, 18 insertions(+), 8 deletions(-) --f46d04479505fc743c04b256d482 Content-Type: text/x-patch; charset=US-ASCII; name="0001-web-http-fix-validators-for-various-list-style-heade.patch" Content-Disposition: attachment; filename="0001-web-http-fix-validators-for-various-list-style-heade.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gvb86x5m0 ZGlmZiAtLWdpdCBhL21vZHVsZS93ZWIvaHR0cC5zY20gYi9tb2R1bGUvd2ViL2h0dHAuc2NtCmlu ZGV4IGU4NzY1ZjMuLmRjNzQyYTEgMTAwNjQ0Ci0tLSBhL21vZHVsZS93ZWIvaHR0cC5zY20KKysr IGIvbW9kdWxlL3dlYi9odHRwLnNjbQpAQCAtNDcwLDcgKzQ3MCw3IEBAIG9yZGVyZWQgYWxpc3Qu IgogICB2YWwpCiAKIChkZWZpbmUgKGRlZmF1bHQtdmFsLXZhbGlkYXRvciBrIHZhbCkKLSAgKHN0 cmluZz8gdmFsKSkKKyAgKG9yIChub3QgdmFsKSAoc3RyaW5nPyB2YWwpKSkKIAogKGRlZmluZSAo ZGVmYXVsdC12YWwtd3JpdGVyIGsgdmFsIHBvcnQpCiAgIChpZiAob3IgKHN0cmluZy1pbmRleCB2 YWwgI1w7KQpAQCAtNTE4LDkgKzUxOCw5IEBAIG9yZGVyZWQgYWxpc3QuIgogICAgICAgICAgICAg ICAgKChwYWlyPyBlbHQpCiAgICAgICAgICAgICAgICAgKGxldCAoKGsgKGNhciBlbHQpKQogICAg ICAgICAgICAgICAgICAgICAgICh2IChjZHIgZWx0KSkpCi0gICAgICAgICAgICAgICAgICAoYW5k IChvciAoc3RyaW5nPyBrKSAoc3ltYm9sPyBrKSkKKyAgICAgICAgICAgICAgICAgIChhbmQgKHN5 bWJvbD8gaykKICAgICAgICAgICAgICAgICAgICAgICAgKHZhbGlkPyBrIHYpKSkpCi0gICAgICAg ICAgICAgICAoKG9yIChzdHJpbmc/IGVsdCkgKHN5bWJvbD8gZWx0KSkKKyAgICAgICAgICAgICAg ICgoc3ltYm9sPyBlbHQpCiAgICAgICAgICAgICAgICAgKHZhbGlkPyBlbHQgI2YpKQogICAgICAg ICAgICAgICAgKGVsc2UgI2YpKSkpKQogCkBAIC02MTEsNyArNjExLDcgQEAgb3JkZXJlZCBhbGlz dC4iCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAodmFsaWQ/IGRlZmF1bHQtdmFsLXZh bGlkYXRvcikpCiAgIChsaXN0LW9mPyBsaXN0CiAgICAgICAgICAgICAobGFtYmRhIChlbHQpCi0g ICAgICAgICAgICAgIChrZXktdmFsdWUtbGlzdD8gbGlzdCB2YWxpZD8pKSkpCisgICAgICAgICAg ICAgIChrZXktdmFsdWUtbGlzdD8gZWx0IHZhbGlkPykpKSkKIAogKGRlZmluZSogKHdyaXRlLXBh cmFtLWxpc3QgbGlzdCBwb3J0ICM6b3B0aW9uYWwKICAgICAgICAgICAgICAgICAgICAgICAgICAg ICh2YWwtd3JpdGVyIGRlZmF1bHQtdmFsLXdyaXRlcikpCkBAIC04NzEsNyArODcxLDEwIEBAIG9y ZGVyZWQgYWxpc3QuIgogICAgICAgICAgKGNvbnMgc2NoZW1lIChwYXJzZS1rZXktdmFsdWUtbGlz dCBzdHIgZGVmYXVsdC12YWwtcGFyc2VyIGRlbGltIGVuZCkpKSkpKSkKIAogKGRlZmluZSAodmFs aWRhdGUtY3JlZGVudGlhbHMgdmFsKQotICAoYW5kIChwYWlyPyB2YWwpIChzeW1ib2w/IChjYXIg dmFsKSkgKGtleS12YWx1ZS1saXN0PyAoY2RyIHZhbCkpKSkKKyAgKGFuZCAocGFpcj8gdmFsKSAo c3ltYm9sPyAoY2FyIHZhbCkpCisgICAgICAgKGNhc2UgKGNhciB2YWwpCisgICAgICAgICAoKGJh c2ljKSAoc3RyaW5nPyAoY2RyIHZhbCkpKQorICAgICAgICAgKGVsc2UgKGtleS12YWx1ZS1saXN0 PyAoY2RyIHZhbCkpKSkpKQogCiAoZGVmaW5lICh3cml0ZS1jcmVkZW50aWFscyB2YWwgcG9ydCkK ICAgKGRpc3BsYXkgKGNhciB2YWwpIHBvcnQpCkBAIC0xMTM3LDcgKzExNDAsNyBAQCBwaHJhc2Vc Ii4iCiAgICAgKGxhbWJkYSAoc3RyKQogICAgICAgKG1hcCBzdHJpbmctPnN5bWJvbCAoc3BsaXQt YW5kLXRyaW0gc3RyKSkpCiAgICAgKGxhbWJkYSAodikKLSAgICAgIChsaXN0LW9mPyBzeW1ib2w/ IHYpKQorICAgICAgKGxpc3Qtb2Y/IHYgc3ltYm9sPykpCiAgICAgKGxhbWJkYSAodiBwb3J0KQog ICAgICAgKHdyaXRlLWxpc3QgdiBwb3J0IGRpc3BsYXkgIiwgIikpKSkKIApAQCAtMTI0Miw3ICsx MjQ1LDE0IEBAIHBocmFzZVwiLiIKICAgICAgICgocHJpdmF0ZSBuby1jYWNoZSkKICAgICAgICAo YW5kIHYtc3RyIChzcGxpdC1oZWFkZXItbmFtZXMgdi1zdHIpKSkKICAgICAgIChlbHNlIHYtc3Ry KSkpCi0gIGRlZmF1bHQtdmFsLXZhbGlkYXRvcgorICAobGFtYmRhIChrIHYpCisgICAgKGNhc2Ug aworICAgICAgKChtYXgtYWdlIG1heC1zdGFsZSBtaW4tZnJlc2ggcy1tYXhhZ2UpCisgICAgICAg KG5vbi1uZWdhdGl2ZS1pbnRlZ2VyPyB2KSkKKyAgICAgICgocHJpdmF0ZSBuby1jYWNoZSkKKyAg ICAgICAob3IgKG5vdCB2KSAobGlzdC1vZi1oZWFkZXItbmFtZXM/IHYpKSkKKyAgICAgIChlbHNl CisgICAgICAgKG5vdCB2KSkpKQogICAobGFtYmRhIChrIHYgcG9ydCkKICAgICAoY29uZAogICAg ICAoKHN0cmluZz8gdikgKGRpc3BsYXkgdiBwb3J0KSkKQEAgLTE1MjIsNyArMTUzMiw3IEBAIHBo cmFzZVwiLiIKICAgKGxhbWJkYSAoayB2KQogICAgIChpZiAoZXE/IGsgJ3EpCiAgICAgICAgICh2 YWxpZC1xdWFsaXR5PyB2KQotICAgICAgICAoc3RyaW5nPyB2KSkpCisgICAgICAgIChvciAobm90 IHYpIChzdHJpbmc/IHYpKSkpCiAgIChsYW1iZGEgKGsgdiBwb3J0KQogICAgIChpZiAoZXE/IGsg J3EpCiAgICAgICAgICh3cml0ZS1xdWFsaXR5IHYgcG9ydCkK --f46d04479505fc743c04b256d482 Content-Type: text/x-patch; charset=US-ASCII; name="0002-web-http-test.patch" Content-Disposition: attachment; filename="0002-web-http-test.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gvb86ya71 ZGlmZiAtLWdpdCBhL3Rlc3Qtc3VpdGUvdGVzdHMvd2ViLWh0dHAudGVzdCBiL3Rlc3Qtc3VpdGUv dGVzdHMvd2ViLWh0dHAudGVzdAppbmRleCBlNGQ2ZWZiLi5iNmFiYmYzIDEwMDY0NAotLS0gYS90 ZXN0LXN1aXRlL3Rlc3RzL3dlYi1odHRwLnRlc3QKKysrIGIvdGVzdC1zdWl0ZS90ZXN0cy93ZWIt aHR0cC50ZXN0CkBAIC00MSw4ICs0MSw5IEBACiAgIChzeW50YXgtcnVsZXMgKCkKICAgICAoKF8g c3ltIHN0ciB2YWwpCiAgICAgIChwYXNzLWlmIChmb3JtYXQgI2YgIn5hOiB+cyAtPiB+cyIgJ3N5 bSBzdHIgdmFsKQotICAgICAgIChlcXVhbD8gKHBhcnNlLWhlYWRlciAnc3ltIHN0cikKLSAgICAg ICAgICAgICAgIHZhbCkpKSkpCisgICAgICAgKGFuZCAoZXF1YWw/IChwYXJzZS1oZWFkZXIgJ3N5 bSBzdHIpCisgICAgICAgICAgICAgICAgICAgIHZhbCkKKyAgICAgICAgICAgICh2YWxpZC1oZWFk ZXI/ICdzeW0gdmFsKSkpKSkpCiAKIChkZWZpbmUtc3ludGF4IHBhc3MtaWYtYW55LWVycm9yCiAg IChzeW50YXgtcnVsZXMgKCkK --f46d04479505fc743c04b256d482-- From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 23 17:57:13 2011 Received: (at 10109-done) by debbugs.gnu.org; 23 Nov 2011 22:57:13 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RTLke-0001Zk-KM for submit@debbugs.gnu.org; Wed, 23 Nov 2011 17:57:13 -0500 Received: from a-pb-sasl-sd.pobox.com ([74.115.168.62] helo=sasl.smtp.pobox.com) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RTLkc-0001Zd-4O for 10109-done@debbugs.gnu.org; Wed, 23 Nov 2011 17:57:11 -0500 Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 3B52081E1; Wed, 23 Nov 2011 17:55:42 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=sasl; bh=dji8+TItuD4KTeelPbQWUBpZzJw=; b=EyHPRV d1lwEdfg5Ky36+IEv+z7Z1QmmoZy0+KQ8FNmyGzWnVyovQA1ZLwh+w/VnmruWPfS 3bXezL3ZItoC4n3enoxhq0meiDaI+vT+QB5kS05276Fu1tQB1IkrP/Evih0YLGG6 by2xSDyfKy25s4i7THLTv1f/D/BBTh1sYhbKE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; q=dns; s=sasl; b=XM5f8LvSx9vkf2LDXIESner1JTmFV9wk y+D7RGwNJMOkJ/RqcGiC5bgDCql4cfvc17Q31qZ8KVC87K/vyywyzaiPHBe64UPt RQC4/IGY7t6grktP/+ew5PT9ugTT5Kw1Im/9JT1UJhTlxceJ8Lwd83B3QDzwOTlx LfVMgDkjwaA= Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 348AC81E0; Wed, 23 Nov 2011 17:55:42 -0500 (EST) Received: from badger (unknown [95.214.56.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id 190CD81DF; Wed, 23 Nov 2011 17:55:40 -0500 (EST) From: Andy Wingo To: Daniel Hartwig Subject: Re: bug#10109: [PATCH] (web http): list-style headers do not validate References: Date: Wed, 23 Nov 2011 21:25:48 +0100 In-Reply-To: (Daniel Hartwig's message of "Wed, 23 Nov 2011 02:18:36 +0800") Message-ID: <87ehwymvqr.fsf@pobox.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Pobox-Relay-ID: 44A2798A-1626-11E1-BDE4-65B1DE995924-02397024!a-pb-sasl-sd.pobox.com X-Spam-Score: -2.6 (--) X-Debbugs-Envelope-To: 10109-done Cc: ludo@gnu.org, 10109-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.6 (--) On Tue 22 Nov 2011 19:18, Daniel Hartwig writes: > Many of the list-style headers from (web http) do not validate > correctly. The test suite only checks that the header's parse and > does not test the associated validators. I applied both of your patches. Thank you very much! In the future, please make your patches as separate git commits in your repository. Then do `git format-patch origin/stable-2.0..HEAD'. Then attach the generated files to a mail. The advantage is that I don't have to cut and paste your commit log, and I don't have to make special effort to ensure that you are listed as the author in the commits. Also, your first patch is probably at the limit of how big a patch we can accept without getting you to assign copyright to the FSF. If you think you will send more patches in the future, it's probably a good idea to start that process, if you are OK with that. Email me privately and I'll tell you how to do that. Note that GNU has recently entered the 20th century ;) by sending the forms via PDF. You can submit them electronically too, but only if you are a US resident. Anyway, send me an email if you are interested. Thanks again for the patches! Andy -- http://wingolog.org/ From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 27 10:13:00 2011 Received: (at 10109) by debbugs.gnu.org; 27 Nov 2011 15:13:01 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RUgPc-0004SH-Gc for submit@debbugs.gnu.org; Sun, 27 Nov 2011 10:13:00 -0500 Received: from mail-iy0-f172.google.com ([209.85.210.172]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RUgPZ-0004S6-T5 for 10109@debbugs.gnu.org; Sun, 27 Nov 2011 10:12:58 -0500 Received: by iaeo4 with SMTP id o4so7501020iae.3 for <10109@debbugs.gnu.org>; Sun, 27 Nov 2011 07:11:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=RbrYrCl5mqTAi+F+rtjKJg6dkjpkP6ChzKUFLCnVzeo=; b=xvHIfEU8tErJZwwPxO5ayWU3hr0aMG/Wm7xB01H4tyl5c6Ufu5ZhLUhogKJou3eKY1 SSyiTwJ89k8teGXjqbqmSsNCocUnZwrXiCdICXygKs9z598J3ggjlUJeSiMcCxA1nNtF r6Lymn7lLfbKsGOwUXjVHL3kbGHD6/ZSUxpGw= MIME-Version: 1.0 Received: by 10.50.140.1 with SMTP id rc1mr49652315igb.25.1322406668619; Sun, 27 Nov 2011 07:11:08 -0800 (PST) Received: by 10.231.206.138 with HTTP; Sun, 27 Nov 2011 07:11:08 -0800 (PST) In-Reply-To: References: Date: Sun, 27 Nov 2011 23:11:08 +0800 Message-ID: Subject: Re: bug#10109: [PATCH] (web http): list-style headers do not validate From: Daniel Hartwig To: 10109@debbugs.gnu.org Content-Type: multipart/mixed; boundary=e89a8f923a9cbb504d04b2b8cb23 X-Spam-Score: -4.2 (----) X-Debbugs-Envelope-To: 10109 Cc: Andy Wingo X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -4.1 (----) --e89a8f923a9cbb504d04b2b8cb23 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hello again My apologies for not noticing earlier, but I have spotted a couple minor issues with both the previous patch and original code that are corrected by the attached. All relate to the "Cache-Control" header: - `max-stale' has optional value (previous code requires it) - some directives do not have values (`no-store', etc.) - there are `cache-extension' directives that may or may not have a value Attached patch tidies this up, with explicit validation of all defined directives, though it leaves open one issue with the cache-extension directives: ;; cache-extension =3D token [ "=3D" ( token | quoted-string ) ] scheme@(web http)> (read-header (open-input-string "Cache-Control: foo=3D\"qstring\"\r\n")) $102 =3D cache-control $103 =3D ((foo . "qstring")) scheme@(web http)> (write-header 'cache-control $103 (current-output-port)) (newline) Cache-Control: foo=3Dqstring You see quotes around `qstring' are dropped, `parse-key-value-list' appears inadequate to distinguish between a token and quoted-string when passing values to the `val-parser'. This looks like it will raise itself in edge cases for some other headers. Will file a new bug if needed after investigation. Regards Daniel On 23 November 2011 02:18, Daniel Hartwig wrote: > Package: guile > Version: 2.0.3 > Tags: patch > > Many of the list-style headers from (web http) do not validate > correctly. =A0The test suite only checks that the header's parse and > does not test the associated validators. > > Attached is a very quick patch (0002) which exposes the failing > validators through the test-suite: > > $ ./guile-test tests/web-http.test > Running tests/web-http.test > ... > FAIL: tests/web-http.test: general headers: cache-control: > "no-transform" -> (no-transform) > [...] --e89a8f923a9cbb504d04b2b8cb23 Content-Type: text/x-patch; charset=US-ASCII; name="0001-Extend-handling-of-Cache-Control-header.patch" Content-Disposition: attachment; filename="0001-Extend-handling-of-Cache-Control-header.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gvi6qewh2 RnJvbSBiZjJhMDAyMTNjNjBjYzQ3YzZjMzI1N2EwYWZlODg1ZmNhMDQ0ZDI3IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBEYW5pZWwgSGFydHdpZyA8bWFuZHlrZUBnbWFpbC5jb20+CkRh dGU6IFN1biwgMjcgTm92IDIwMTEgMjI6Mzc6MjQgKzA4MDAKU3ViamVjdDogW1BBVENIXSBFeHRl bmQgaGFuZGxpbmcgb2YgIkNhY2hlLUNvbnRyb2wiIGhlYWRlci4KCiogbW9kdWxlL3dlYi9odHRw LnNjbSAoIkNhY2hlLUNvbnRyb2wiKTogVmFsdWUgZm9yIGBtYXgtc3RhbGUnIGlzCiAgb3B0aW9u YWwuICBTdHJpY3QgdmFsaWRhdGlvbiBmb3IgdmFsdWUtbGVzcyBkaXJlY3RpdmVzIChgbm8tc3Rv cmUnLAogIGV0Yy4pLiAgU3RyaW5nIHZhbHVlcyBvcHRpb25hbCBmb3IgImNhY2hlLWV4dGVuc2lv biIgZGlyZWN0aXZlcy4KKiB0ZXN0LXN1aXRlL3Rlc3RzL3dlYi1odHRwLnRlc3Q6IFZhbHVlIGZv ciBgbWF4LXN0YWxlJyBpcyBvcHRpb25hbC4KLS0tCiBtb2R1bGUvd2ViL2h0dHAuc2NtICAgICAg ICAgICAgfCAgIDEyICsrKysrKysrKy0tLQogdGVzdC1zdWl0ZS90ZXN0cy93ZWItaHR0cC50ZXN0 IHwgICAgMiArKwogMiBmaWxlcyBjaGFuZ2VkLCAxMSBpbnNlcnRpb25zKCspLCAzIGRlbGV0aW9u cygtKQoKZGlmZiAtLWdpdCBhL21vZHVsZS93ZWIvaHR0cC5zY20gYi9tb2R1bGUvd2ViL2h0dHAu c2NtCmluZGV4IGRjNzQyYTEuLjIwZWEyYWEgMTAwNjQ0Ci0tLSBhL21vZHVsZS93ZWIvaHR0cC5z Y20KKysrIGIvbW9kdWxlL3dlYi9odHRwLnNjbQpAQCAtMTI0MCwxOSArMTI0MCwyNSBAQCBwaHJh c2VcIi4iCiAoZGVjbGFyZS1rZXktdmFsdWUtbGlzdC1oZWFkZXIhICJDYWNoZS1Db250cm9sIgog ICAobGFtYmRhIChrIHYtc3RyKQogICAgIChjYXNlIGsKLSAgICAgICgobWF4LWFnZSBtYXgtc3Rh bGUgbWluLWZyZXNoIHMtbWF4YWdlKQorICAgICAgKChtYXgtYWdlIG1pbi1mcmVzaCBzLW1heGFn ZSkKICAgICAgICAocGFyc2Utbm9uLW5lZ2F0aXZlLWludGVnZXIgdi1zdHIpKQorICAgICAgKCht YXgtc3RhbGUpCisgICAgICAgKGFuZCB2LXN0ciAocGFyc2Utbm9uLW5lZ2F0aXZlLWludGVnZXIg di1zdHIpKSkKICAgICAgICgocHJpdmF0ZSBuby1jYWNoZSkKICAgICAgICAoYW5kIHYtc3RyIChz cGxpdC1oZWFkZXItbmFtZXMgdi1zdHIpKSkKICAgICAgIChlbHNlIHYtc3RyKSkpCiAgIChsYW1i ZGEgKGsgdikKICAgICAoY2FzZSBrCi0gICAgICAoKG1heC1hZ2UgbWF4LXN0YWxlIG1pbi1mcmVz aCBzLW1heGFnZSkKKyAgICAgICgobWF4LWFnZSBtaW4tZnJlc2ggcy1tYXhhZ2UpCiAgICAgICAg KG5vbi1uZWdhdGl2ZS1pbnRlZ2VyPyB2KSkKKyAgICAgICgobWF4LXN0YWxlKQorICAgICAgIChv ciAobm90IHYpIChub24tbmVnYXRpdmUtaW50ZWdlcj8gdikpKQogICAgICAgKChwcml2YXRlIG5v LWNhY2hlKQogICAgICAgIChvciAobm90IHYpIChsaXN0LW9mLWhlYWRlci1uYW1lcz8gdikpKQor ICAgICAgKChuby1zdG9yZSBuby10cmFuc2Zvcm0gb25seS1pZi1jYWNoZSBtdXN0LXJldmFsaWRh dGUgcHJveHktcmV2YWxpZGF0ZSkKKyAgICAgICAobm90IHYpKQogICAgICAgKGVsc2UKLSAgICAg ICAobm90IHYpKSkpCisgICAgICAgKG9yIChub3QgdikgKHN0cmluZz8gdikpKSkpCiAgIChsYW1i ZGEgKGsgdiBwb3J0KQogICAgIChjb25kCiAgICAgICgoc3RyaW5nPyB2KSAoZGlzcGxheSB2IHBv cnQpKQpkaWZmIC0tZ2l0IGEvdGVzdC1zdWl0ZS90ZXN0cy93ZWItaHR0cC50ZXN0IGIvdGVzdC1z dWl0ZS90ZXN0cy93ZWItaHR0cC50ZXN0CmluZGV4IGI2YWJiZjMuLmI1MjQ3YWIgMTAwNjQ0Ci0t LSBhL3Rlc3Qtc3VpdGUvdGVzdHMvd2ViLWh0dHAudGVzdAorKysgYi90ZXN0LXN1aXRlL3Rlc3Rz L3dlYi1odHRwLnRlc3QKQEAgLTgzLDYgKzgzLDggQEAKICAgICAgICAgICAgICAgICAgJygocHJp dmF0ZSAuIChmb28pKSkpCiAgIChwYXNzLWlmLXBhcnNlIGNhY2hlLWNvbnRyb2wgIm5vLWNhY2hl LG1heC1hZ2U9MTAiCiAgICAgICAgICAgICAgICAgICcobm8tY2FjaGUgKG1heC1hZ2UgLiAxMCkp KQorICAocGFzcy1pZi1wYXJzZSBjYWNoZS1jb250cm9sICJtYXgtc3RhbGUiICcobWF4LXN0YWxl KSkKKyAgKHBhc3MtaWYtcGFyc2UgY2FjaGUtY29udHJvbCAibWF4LXN0YWxlPTEwIiAnKChtYXgt c3RhbGUgLiAxMCkpKQogCiAgIChwYXNzLWlmLXBhcnNlIGNvbm5lY3Rpb24gImNsb3NlIiAnKGNs b3NlKSkKICAgKHBhc3MtaWYtcGFyc2UgY29ubmVjdGlvbiAiQ29udGVudC1FbmNvZGluZyIgJyhj b250ZW50LWVuY29kaW5nKSkKLS0gCjEuNy4yLjUKCg== --e89a8f923a9cbb504d04b2b8cb23-- From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 22 08:23:23 2011 Received: (at 10109) by debbugs.gnu.org; 22 Dec 2011 13:23:23 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RdicE-00005h-L5 for submit@debbugs.gnu.org; Thu, 22 Dec 2011 08:23:23 -0500 Received: from a-pb-sasl-sd.pobox.com ([74.115.168.62] helo=sasl.smtp.pobox.com) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RdicC-00005Z-7f for 10109@debbugs.gnu.org; Thu, 22 Dec 2011 08:23:21 -0500 Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 9D0088247; Thu, 22 Dec 2011 08:21:09 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=sasl; bh=leVpzjvNPEaukpErl7sgvh5vTQA=; b=MkIb6V PYDcxplfoEvxvKI5ZKjj2u7wtySWtV5C3oF5RkF3JytFP+he35CjZU86dvQ/9C5d EQRfBinKgznHrTcgjGgc8VHRr9QJMH0hTx5JyFImO82DeOGFP3rGdNdBOIqBVKTY qdpuu5dhQQJEkTHoNvaNpOCgvkTEuVYm8czd8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; q=dns; s=sasl; b=OZBEN6xI7brIJsJuqB6JQUBcpT5OvYeA eoRMy+QpTokmAYEsdgITR4L/CjYY180h9DqGO3IXrgr40VGFRPpuFSipbzkb2bBl P8eEkN1NqVBeI5hVY/7FAuiGE3akYtCP6zmxwVy++O1O/Wm6oQRg/xVzX0Cv4rvq 2OHbqQDx4Ug= Received: from a-pb-sasl-sd.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTP id 94FC08246; Thu, 22 Dec 2011 08:21:09 -0500 (EST) Received: from badger (unknown [184.174.165.119]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by a-pb-sasl-sd.pobox.com (Postfix) with ESMTPSA id 5273D8244; Thu, 22 Dec 2011 08:21:08 -0500 (EST) From: Andy Wingo To: Daniel Hartwig Subject: Re: bug#10109: [PATCH] (web http): list-style headers do not validate References: Date: Thu, 22 Dec 2011 08:21:06 -0500 In-Reply-To: (Daniel Hartwig's message of "Sun, 27 Nov 2011 23:11:08 +0800") Message-ID: <8762h8rbct.fsf@pobox.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Pobox-Relay-ID: CF180BFE-2C9F-11E1-BA72-65B1DE995924-02397024!a-pb-sasl-sd.pobox.com X-Spam-Score: -2.8 (--) X-Debbugs-Envelope-To: 10109 Cc: 10109@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.8 (--) On Sun 27 Nov 2011 10:11, Daniel Hartwig writes: > My apologies for not noticing earlier, but I have spotted a couple > minor issues with both the previous patch and original code that are > corrected by the attached. All relate to the "Cache-Control" header: > > - `max-stale' has optional value (previous code requires it) > - some directives do not have values (`no-store', etc.) > - there are `cache-extension' directives that may or may not have a value > > Attached patch tidies this up Thanks, it was a great patch. Applied and pushed. > with explicit validation of all defined > directives, though it leaves open one issue with the cache-extension > directives: I fixed this one, I think. Happy hacking, Andy -- http://wingolog.org/ From unknown Tue Jun 17 20:20:42 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 20 Jan 2012 12:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator