GNU bug report logs - #10109
[PATCH] (web http): list-style headers do not validate

Previous Next

Package: guile;

Reported by: Daniel Hartwig <mandyke <at> gmail.com>

Date: Tue, 22 Nov 2011 18:35:01 UTC

Severity: normal

Tags: patch

Found in version 2.0.3

Done: Andy Wingo <wingo <at> pobox.com>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 10109 <at> debbugs.gnu.org (full text, mbox):

From: Daniel Hartwig <mandyke <at> gmail.com>
To: 10109 <at> debbugs.gnu.org
Cc: Andy Wingo <wingo <at> pobox.com>
Subject: Re: bug#10109: [PATCH] (web http): list-style headers do not validate
Date: Sun, 27 Nov 2011 23:11:08 +0800

[Message part 1 (text/plain, inline)]
Hello again

My apologies for not noticing earlier, but I have spotted a couple
minor issues with both the previous patch and original code that are
corrected by the attached. All relate to the "Cache-Control" header:

- `max-stale' has optional value (previous code requires it)
- some directives do not have values (`no-store', etc.)
- there are `cache-extension' directives that may or may not have a value

Attached patch tidies this up, with explicit validation of all defined
directives, though it leaves open one issue with the cache-extension
directives:

;; cache-extension = token [ "=" ( token | quoted-string ) ]
scheme@(web http)> (read-header (open-input-string "Cache-Control:
foo=\"qstring\"\r\n"))
$102 = cache-control
$103 = ((foo . "qstring"))
scheme@(web http)> (write-header 'cache-control $103
(current-output-port)) (newline)
Cache-Control: foo=qstring

You see quotes around `qstring' are dropped, `parse-key-value-list'
appears inadequate to distinguish between a token and quoted-string
when passing values to the `val-parser'.  This looks like it will
raise itself in edge cases for some other headers.  Will file a new
bug if needed after investigation.


Regards

Daniel

On 23 November 2011 02:18, Daniel Hartwig <mandyke <at> gmail.com> wrote:
> Package: guile
> Version: 2.0.3
> Tags: patch
>
> Many of the list-style headers from (web http) do not validate
> correctly.  The test suite only checks that the header's parse and
> does not test the associated validators.
>
> Attached is a very quick patch (0002) which exposes the failing
> validators through the test-suite:
>
> $ ./guile-test tests/web-http.test
> Running tests/web-http.test
> ...
> FAIL: tests/web-http.test: general headers: cache-control:
> "no-transform" -> (no-transform)
> [...]

[0001-Extend-handling-of-Cache-Control-header.patch (text/x-patch, attachment)]
This bug report was last modified 13 years and 151 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.