[glib-networking/mcatanzaro/proxy-validation: 6/7] glibproxyresolver: validate proxy URIs

[Marge Bot <marge-bot src gnome org>]

commit 962d2f3c49110d41eaa80201c885da70ba7517e1
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Tue Jun 28 15:14:06 2022 -0500

    glibproxyresolver: validate proxy URIs
    
    This adds an extra layer of safety to ensure our GProxyResolver only
    ever returns URIs that GLib considers valid. Otherwise, if libproxy
    returns something silly like an empty string, nothing prevents us from
    passing it along.
    
    Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/212>

 proxy/libproxy/glibproxyresolver.c | 9 +++++++++
 1 file changed, 9 insertions(+)
---
diff --git a/proxy/libproxy/glibproxyresolver.c b/proxy/libproxy/glibproxyresolver.c
index 3f5a4f05..f31a8ba0 100644
--- a/proxy/libproxy/glibproxyresolver.c
+++ b/proxy/libproxy/glibproxyresolver.c
@@ -92,6 +92,7 @@ copy_proxies (gchar **proxies)
   gchar **copy;
   int len = 0;
   int i, j;
+  GError *error = NULL;
 
   for (i = 0; proxies[i]; i++)
     {
@@ -104,6 +105,14 @@ copy_proxies (gchar **proxies)
   copy = g_new (gchar *, len + 1);
   for (i = j = 0; proxies[i]; i++, j++)
     {
+      if (!g_uri_is_valid (proxies[i], G_URI_FLAGS_NONE, &error))
+        {
+          g_warning ("Received invalid URI %s from libproxy: %s", proxies[i], error->message);
+          g_clear_error (&error);
+          j--;
+          continue;
+        }
+
       if (!strncmp ("socks://", proxies[i], 8))
         {
           copy[j++] = g_strdup_printf ("socks5://%s", proxies[i] + 8);