Related: tdf#99499, add a limit to the number of http redirections
Check for maximum number of redirections according to
<https://tools.ietf.org/html/rfc7231#section-6.4>.
A practical limit can be 5, due to old RFC:
<https://tools.ietf.org/html/rfc2068#section-10.3>, this limit is
reported also in more recent RFCs, see final paragraph of RFC7231, 6.4.
Change-Id: I2b394ef8d1ef391a527df349aa749819c496657b
Reviewed-on: https://gerrit.libreoffice.org/28066
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Giuseppe Castagno <giuseppe.castagno@acca-esse.eu>
diff --git a/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx b/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx
index 51feef6..026186d 100644
--- a/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx
+++ b/ucb/source/ucp/webdav-neon/DAVResourceAccess.cxx
@@ -133,7 +133,8 @@ DAVResourceAccess::DAVResourceAccess(
const OUString & rURL )
: m_aURL( rURL ),
m_xSessionFactory( rSessionFactory ),
m_xContext( rxContext )
m_xContext( rxContext ),
m_nRedirectLimit( 5 )
{
}
@@ -145,7 +146,8 @@ DAVResourceAccess::DAVResourceAccess( const DAVResourceAccess & rOther )
m_xSession( rOther.m_xSession ),
m_xSessionFactory( rOther.m_xSessionFactory ),
m_xContext( rOther.m_xContext ),
m_aRedirectURIs( rOther.m_aRedirectURIs )
m_aRedirectURIs( rOther.m_aRedirectURIs ),
m_nRedirectLimit( rOther.m_nRedirectLimit )
{
}
@@ -160,6 +162,7 @@ DAVResourceAccess & DAVResourceAccess::operator=(
m_xSessionFactory = rOther.m_xSessionFactory;
m_xContext = rOther.m_xContext;
m_aRedirectURIs = rOther.m_aRedirectURIs;
m_nRedirectLimit = rOther.m_nRedirectLimit;
return *this;
}
@@ -1140,7 +1143,7 @@ void DAVResourceAccess::getUserRequestHeaders(
DAVRequestHeader( "User-Agent", "LibreOffice" ) );
}
// This function member implements the control on cyclical redirections
bool DAVResourceAccess::detectRedirectCycle(
const OUString& rRedirectURL )
throw ( DAVException )
@@ -1152,8 +1155,18 @@ bool DAVResourceAccess::detectRedirectCycle(
std::vector< NeonUri >::const_iterator it = m_aRedirectURIs.begin();
std::vector< NeonUri >::const_iterator end = m_aRedirectURIs.end();
// Check for maximum number of redirections
// according to <https://tools.ietf.org/html/rfc7231#section-6.4>.
// A pratical limit may be 5, due to earlier specifications:
// <https://tools.ietf.org/html/rfc2068#section-10.3>
// it can be raised keeping in mind the added net activity.
if( static_cast< size_t >( m_nRedirectLimit ) <= m_aRedirectURIs.size() )
return true;
// try to detect a cyclical redirection
while ( it != end )
{
// if equal, cyclical redirection detected
if ( aUri == (*it) )
return true;
diff --git a/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx b/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx
index 503c1be..96b308d 100644
--- a/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx
+++ b/ucb/source/ucp/webdav-neon/DAVResourceAccess.hxx
@@ -62,6 +62,7 @@ class DAVResourceAccess
rtl::Reference< DAVSessionFactory > m_xSessionFactory;
css::uno::Reference< css::uno::XComponentContext > m_xContext;
std::vector< NeonUri > m_aRedirectURIs;
sal_uInt32 m_nRedirectLimit;
public:
DAVResourceAccess( const css::uno::Reference< css::uno::XComponentContext > & rxContext,
diff --git a/ucb/source/ucp/webdav-neon/webdavcontent.cxx b/ucb/source/ucp/webdav-neon/webdavcontent.cxx
index ca4531d..9cada12 100644
--- a/ucb/source/ucp/webdav-neon/webdavcontent.cxx
+++ b/ucb/source/ucp/webdav-neon/webdavcontent.cxx
@@ -3919,6 +3919,10 @@ void Content::getResourceOptions(
}
}
break;
// The 'DAVException::DAV_HTTP_REDIRECT' means we reached the maximum
// number of redirections, consider the resource type as UNKNOWN
// possibly a normal web site, not DAV
case DAVException::DAV_HTTP_REDIRECT:
default: // leave the resource type as UNKNOWN, for now
// it means this will be managed as a standard http site
SAL_WARN( "ucb.ucp.webdav","OPTIONS - DAVException for URL <" << m_xIdentifier->getContentIdentifier() << ">, DAV error: "
