Reject IRIs with colons in the first path segment

author: David Robillard <d@drobilla.net> 2018-03-06 20:44:43 -0500
committer: David Robillard <d@drobilla.net> 2018-03-06 20:44:43 -0500
commit: f5b10932653b8f1c41acbd7c174e26e6eba21aaa (patch)
tree: 9669de0d6149b041a9398a0332dc9c9f98277010 /src
parent: 238783623ba138d9f677bf3edb7f21477d1d5bf3 (diff)
download: serd-f5b10932653b8f1c41acbd7c174e26e6eba21aaa.tar.gz
serd-f5b10932653b8f1c41acbd7c174e26e6eba21aaa.tar.bz2
serd-f5b10932653b8f1c41acbd7c174e26e6eba21aaa.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/src/uri.c b/src/uri.c
index 7b172e42..7f849d62 100644
--- a/src/uri.c
+++ b/src/uri.c
@@ -141,7 +141,8 @@ serd_uri_parse(const uint8_t* utf8, SerdURI* out)
 {
 	*out = SERD_URI_NULL;
 
-	const uint8_t* ptr = utf8;
+	const uint8_t* ptr            = utf8;
+	bool           path_has_slash = false;
 
 	/* See http://tools.ietf.org/html/rfc3986#section-3
 	   URI = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
@@ -203,6 +204,15 @@ path:
 		switch (c) {
 		case '?': goto query;
 		case '#': goto fragment;
+		case '/':
+			++out->path.len;
+			path_has_slash = true;
+			break;
+		case ':':
+			if (!path_has_slash) {
+				// RFC3987 S2.2: isegment-nz-nc can not contain a colon
+				return SERD_ERR_BAD_SYNTAX;
+			}
 		default:
 			++out->path.len;
 		}
author	David Robillard <d@drobilla.net>	2018-03-06 20:44:43 -0500
committer	David Robillard <d@drobilla.net>	2018-03-06 20:44:43 -0500
commit	f5b10932653b8f1c41acbd7c174e26e6eba21aaa (patch)
tree	9669de0d6149b041a9398a0332dc9c9f98277010 /src
parent	238783623ba138d9f677bf3edb7f21477d1d5bf3 (diff)
download	serd-f5b10932653b8f1c41acbd7c174e26e6eba21aaa.tar.gz serd-f5b10932653b8f1c41acbd7c174e26e6eba21aaa.tar.bz2 serd-f5b10932653b8f1c41acbd7c174e26e6eba21aaa.zip