From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 2 Nov 2023 09:52:46 +0000 (+0100)
Subject: hsts: skip single-dot hostname
X-Git-Tag: curl-8_5_0~158
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8c058a820afe71073823364d29ff22ed0ac34de5;p=thirdparty%2Fcurl.git

hsts: skip single-dot hostname

Reported-by: Maksymilian Arciemowicz

Closes #12247
---

diff --git a/lib/hsts.c b/lib/hsts.c
index 7ecf0042a5..6fac2b7c04 100644
--- a/lib/hsts.c
+++ b/lib/hsts.c
@@ -40,6 +40,7 @@
 #include "fopen.h"
 #include "rename.h"
 #include "share.h"
+#include "strdup.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -116,22 +117,30 @@ static CURLcode hsts_create(struct hsts *h,
                             bool subdomains,
                             curl_off_t expires)
 {
-  struct stsentry *sts = hsts_entry();
+  struct stsentry *sts;
   char *duphost;
   size_t hlen;
+  DEBUGASSERT(h);
+  DEBUGASSERT(hostname);
+
+  hlen = strlen(hostname);
+  if(hlen && (hostname[hlen - 1] == '.'))
+    /* strip off any trailing dot */
+    --hlen;
+  if(!hlen)
+    /* no host name left */
+    return CURLE_BAD_FUNCTION_ARGUMENT;
+
+  sts = hsts_entry();
   if(!sts)
     return CURLE_OUT_OF_MEMORY;
 
-  duphost = strdup(hostname);
+  duphost = Curl_memdup(hostname, hlen + 1);
   if(!duphost) {
     free(sts);
     return CURLE_OUT_OF_MEMORY;
   }
-
-  hlen = strlen(duphost);
-  if(duphost[hlen - 1] == '.')
-    /* strip off trailing any dot */
-    duphost[--hlen] = 0;
+  duphost[hlen] = 0; /* might remove a dot */
 
   sts->host = duphost;
   sts->expires = expires;