luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

urlapi: reject more bad letters from the host name: &+()

Browse Source 
Follow-up from eb0167ff7d

Extend test 1560 to verify

Closes #10096
This commit is contained in:
Daniel Stenberg 2022-12-14 23:41:08 +01:00
parent b740f152a8
commit c20b35ddae
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/urlapi.c
View File

@ -636,7 +636,7 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
} }
else { else {
/* letters from the second string are not ok */ /* letters from the second string are not ok */
len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,"); len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,+&()");
if(hlen != len) if(hlen != len)
/* hostname with bad content */ /* hostname with bad content */
return CURLUE_BAD_HOSTNAME; return CURLUE_BAD_HOSTNAME;

12
tests/libtest/lib1560.c
View File

@ -160,6 +160,10 @@ static const struct testcase get_parts_list[] ={
{"https://exam=ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME}, {"https://exam=ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
{"https://exam;ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME}, {"https://exam;ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
{"https://example,net", "", 0, 0, CURLUE_BAD_HOSTNAME}, {"https://example,net", "", 0, 0, CURLUE_BAD_HOSTNAME},
{"https://example&net", "", 0, 0, CURLUE_BAD_HOSTNAME},
{"https://example+net", "", 0, 0, CURLUE_BAD_HOSTNAME},
{"https://example(net", "", 0, 0, CURLUE_BAD_HOSTNAME},
{"https://example)net", "", 0, 0, CURLUE_BAD_HOSTNAME},
{"https://example.net/}", {"https://example.net/}",
"https | [11] | [12] | [13] | example.net | [15] | /} | [16] | [17]", "https | [11] | [12] | [13] | example.net | [15] | /} | [16] | [17]",
0, 0, CURLUE_OK}, 0, 0, CURLUE_OK},
@ -466,8 +470,8 @@ static const struct urltestcase get_url_list[] = {
{"https://0xff.0xff.0377.255", "https://255.255.255.255/", 0, 0, CURLUE_OK}, {"https://0xff.0xff.0377.255", "https://255.255.255.255/", 0, 0, CURLUE_OK},
{"https://1.0xffffff", "https://1.255.255.255/", 0, 0, CURLUE_OK}, {"https://1.0xffffff", "https://1.255.255.255/", 0, 0, CURLUE_OK},
/* IPv4 numerical overflows or syntax errors will not normalize */ /* IPv4 numerical overflows or syntax errors will not normalize */
{"https://+127.0.0.1", "https://+127.0.0.1/", 0, 0, CURLUE_OK}, {"https://a127.0.0.1", "https://a127.0.0.1/", 0, 0, CURLUE_OK},
{"https://+127.0.0.1", "https://%2B127.0.0.1/", 0, CURLU_URLENCODE, {"https://\xff.127.0.0.1", "https://%FF.127.0.0.1/", 0, CURLU_URLENCODE,
CURLUE_OK}, CURLUE_OK},
{"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_OK}, {"https://127.-0.0.1", "https://127.-0.0.1/", 0, 0, CURLUE_OK},
{"https://127.0. 1", "https://127.0.0.1/", 0, 0, CURLUE_BAD_HOSTNAME}, {"https://127.0. 1", "https://127.0.0.1/", 0, 0, CURLUE_BAD_HOSTNAME},
@ -632,9 +636,9 @@ static int checkurl(const char *url, const char *out)
/* !checksrc! disable SPACEBEFORECOMMA 1 */ /* !checksrc! disable SPACEBEFORECOMMA 1 */
static const struct setcase set_parts_list[] = { static const struct setcase set_parts_list[] = {
{"https://example.com/", {"https://example.com/",
"host=++,", /* '++' there's no automatic URL decode when settin this "host=0xff,", /* '++' there's no automatic URL decode when settin this
part */ part */
"https://++/", "https://0xff/",
0, /* get */ 0, /* get */
0, /* set */ 0, /* set */
CURLUE_OK, CURLUE_OK}, CURLUE_OK, CURLUE_OK},