url: reject URLs with hostnames longer than 65535 bytes

It *probably* causes other problems too since DNS can't resolve such
long names, but the SNI field in TLS is limited to 16 bits length.

Closes #9317

diff --git a/lib/url.c b/lib/url.c
index 14a92007874fdec66f25a2d80418d622958af51f..359e20a7cd7c05344a1445cb58297d47181f18fe 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -2025,6 +2025,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
     if(!strcasecompare("file", data->state.up.scheme))
       return CURLE_OUT_OF_MEMORY;
   }
+  else if(strlen(data->state.up.hostname) > 0xffff) {
+    failf(data, "Too long host name");
+    return CURLE_URL_MALFORMAT;
+  }
 
 #ifndef CURL_DISABLE_HSTS
   if(data->hsts && strcasecompare("http", data->state.up.scheme)) {