[glib-networking/mcatanzaro/proxy-validation] glibproxyresolver: validate proxy URIs

[Michael Catanzaro <mcatanzaro src gnome org>]

commit b506a9a2e8dc60084e5209b3446678675af9e67d
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Tue Jun 28 15:14:06 2022 -0500

    glibproxyresolver: validate proxy URIs
    
    This adds an extra layer of safety to ensure our GProxyResolver only
    ever returns URIs that GLib considers valid. Otherwise, if libproxy
    returns something silly like an empty string, nothing prevents us from
    passing it along.

 proxy/libproxy/glibproxyresolver.c | 9 +++++++++
 1 file changed, 9 insertions(+)
---
diff --git a/proxy/libproxy/glibproxyresolver.c b/proxy/libproxy/glibproxyresolver.c
index 3f5a4f05..f31a8ba0 100644
--- a/proxy/libproxy/glibproxyresolver.c
+++ b/proxy/libproxy/glibproxyresolver.c
@@ -92,6 +92,7 @@ copy_proxies (gchar **proxies)
   gchar **copy;
   int len = 0;
   int i, j;
+  GError *error = NULL;
 
   for (i = 0; proxies[i]; i++)
     {
@@ -104,6 +105,14 @@ copy_proxies (gchar **proxies)
   copy = g_new (gchar *, len + 1);
   for (i = j = 0; proxies[i]; i++, j++)
     {
+      if (!g_uri_is_valid (proxies[i], G_URI_FLAGS_NONE, &error))
+        {
+          g_warning ("Received invalid URI %s from libproxy: %s", proxies[i], error->message);
+          g_clear_error (&error);
+          j--;
+          continue;
+        }
+
       if (!strncmp ("socks://", proxies[i], 8))
         {
           copy[j++] = g_strdup_printf ("socks5://%s", proxies[i] + 8);