Fix URL parsing to handle missing ports and ISO 8601 timestamps in paths

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26303)

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 725ec1908499813dae4813196681139ddcaf4b91..fcf8a69e07a86472fdb20ba1d88873b34ad519e2 100644 (file)
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -59,7 +59,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
     const char *user, *user_end;
     const char *host, *host_end;
     const char *port, *port_end;
-    unsigned int portnum;
+    unsigned int portnum = 0;
     const char *path, *path_end;
     const char *query, *query_end;
     const char *frag, *frag_end;
@@ -107,13 +107,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
         p = ++host_end;
     } else {
         /* look for start of optional port, path, query, or fragment */
-        host_end = strchr(host, ':');
-        if (host_end == NULL)
-            host_end = strchr(host, '/');
-        if (host_end == NULL)
-            host_end = strchr(host, '?');
-        if (host_end == NULL)
-            host_end = strchr(host, '#');
+        host_end = strpbrk(host, ":/?#");
         if (host_end == NULL) /* the remaining string is just the hostname */
             host_end = host + strlen(host);
         p = host_end;

diff --git a/test/http_test.c b/test/http_test.c
index 548af69535a51155cb3de78a022d27c2a4b0a056..050db5b223a8502db617468caaf9c217deba3a8b 100644 (file)
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -332,6 +332,16 @@ static int test_http_url_dns(void)
     return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path");
 }
 
+static int test_http_url_timestamp(void)
+{
+    return test_http_url_ok("host/p/2017-01-03T00:00:00", 0, "host", "80",
+                            "/p/2017-01-03T00:00:00")
+        && test_http_url_ok("http://host/p/2017-01-03T00:00:00", 0, "host",
+                            "80", "/p/2017-01-03T00:00:00")
+        && test_http_url_ok("https://host/p/2017-01-03T00:00:00", 1, "host",
+                            "443", "/p/2017-01-03T00:00:00");
+}
+
 static int test_http_url_path_query(void)
 {
     return test_http_url_path_query_ok("http://usr@host:1/p?q=x#frag", "/p?q=x")
@@ -559,6 +569,7 @@ int setup_tests(void)
         return 0;
 
     ADD_TEST(test_http_url_dns);
+    ADD_TEST(test_http_url_timestamp);
     ADD_TEST(test_http_url_path_query);
     ADD_TEST(test_http_url_userinfo_query_fragment);
     ADD_TEST(test_http_url_ipv4);

diff --git a/util/platform_symbols/unix-symbols.txt b/util/platform_symbols/unix-symbols.txt
index 0820d4f264e70495c3b2fea87fb9099751093fb8..d5d708025645c65e60637fb9e0e29f016068cb00 100644 (file)
--- a/util/platform_symbols/unix-symbols.txt
+++ b/util/platform_symbols/unix-symbols.txt
@@ -145,6 +145,7 @@ strdup
 strlen
 strncmp
 strncpy
+strpbrk
 strrchr
 strspn
 strstr

diff --git a/util/platform_symbols/windows-symbols.txt b/util/platform_symbols/windows-symbols.txt
index d0e6675a794ba7158dfaa93746a5aa89ff27d49c..354528d47facb24820b908a32880a0379a380357 100644 (file)
--- a/util/platform_symbols/windows-symbols.txt
+++ b/util/platform_symbols/windows-symbols.txt
@@ -125,6 +125,7 @@ tolower
 strspn
 strcspn
 strncpy
+strpbrk
 strncmp
 strcmp
 strcat_s