From 2897ddfbee5ec3da72863cb8d5ee1370c9698f8a Mon Sep 17 00:00:00 2001
From: Aldo Cortesi <aldo@nullcube.com>
Date: Sun, 3 Mar 2013 14:52:06 +1300
Subject: Stricter error checking for http.parse_url

---
 netlib/http.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'netlib/http.py')

diff --git a/netlib/http.py b/netlib/http.py
index 10b6a402..c864f1de 100644
--- a/netlib/http.py
+++ b/netlib/http.py
@@ -15,6 +15,11 @@ class HttpErrorConnClosed(HttpError): pass
 def parse_url(url):
     """
         Returns a (scheme, host, port, path) tuple, or None on error.
+
+        Checks that:
+            port is an integer
+            host is a valid IDNA-encoded hostname
+            path is valid ASCII
     """
     scheme, netloc, path, params, query, fragment = urlparse.urlparse(url)
     if not scheme:
@@ -34,6 +39,14 @@ def parse_url(url):
     path = urlparse.urlunparse(('', '', path, params, query, fragment))
     if not path.startswith("/"):
         path = "/" + path
+    try:
+        host.decode("idna")
+    except ValueError:
+        return None
+    try:
+        path.decode("ascii")
+    except ValueError:
+        return None
     return scheme, host, port, path
 
 
-- 
cgit v1.2.3