luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

curl_url_set: enforce the max string length check for all parts

Browse Source 
Update the docs and test 1559 accordingly

Closes #11273
This commit is contained in:
Daniel Stenberg 2023-06-08 13:40:52 +02:00
parent 67e9e90f96
commit dacd25888f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/libcurl/curl_url_set.3
View File

@ -188,9 +188,8 @@ Returns a \fICURLUcode\fP error value, which is CURLUE_OK (0) if everything
went fine. See the \fIlibcurl-errors(3)\fP man page for the full list with
descriptions.
A URL string passed on to \fIcurl_url_set(3)\fP for the \fBCURLUPART_URL\fP
part, must be shorter than 8000000 bytes otherwise it returns
\fBCURLUE_MALFORMED_INPUT\fP (added in 7.65.0).
The input string passed to \fIcurl_url_set(3)\fP must be shorter than eight
million bytes. Otherwise this function returns \fBCURLUE_MALFORMED_INPUT\fP.
If this function returns an error, no URL part is set.
.SH "SEE ALSO"

14
lib/urlapi.c
View File

@ -1642,6 +1642,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
bool leadingslash = FALSE;
bool appendquery = FALSE;
bool equalsencode = FALSE;
size_t nalloc;
if(!u)
return CURLUE_BAD_HANDLE;
@ -1694,6 +1695,11 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
return CURLUE_OK;
}
nalloc = strlen(part);
if(nalloc > CURL_MAX_INPUT_LENGTH)
/* excessive input length */
return CURLUE_MALFORMED_INPUT;
switch(what) {
case CURLUPART_SCHEME: {
size_t plen = strlen(part);
@ -1800,14 +1806,8 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
}
DEBUGASSERT(storep);
{
const char *newp = part;
size_t nalloc = strlen(part);
const char *newp;
struct dynbuf enc;
if(nalloc > CURL_MAX_INPUT_LENGTH)
/* excessive input length */
return CURLUE_MALFORMED_INPUT;
Curl_dyn_init(&enc, nalloc * 3 + 1 + leadingslash);
if(leadingslash && (part[0] != '/')) {

2
tests/data/test1559
View File

@ -37,7 +37,7 @@ Set excessive URL lengths
CURLOPT_URL 10000000 bytes URL == 43
CURLOPT_POSTFIELDS 10000000 bytes data == 0
CURLUPART_URL 10000000 bytes URL == 3 (Malformed input to a URL function)
CURLUPART_SCHEME 10000000 bytes scheme == 27 (Bad scheme)
CURLUPART_SCHEME 10000000 bytes scheme == 3 (Malformed input to a URL function)
CURLUPART_USER 10000000 bytes user == 3 (Malformed input to a URL function)
</stdout>
</verify>