From 56910e7211363de26d3975635f4968c55de08eb6 Mon Sep 17 00:00:00 2001
From: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Fri, 3 Jan 2025 08:42:55 +0100
Subject: [PATCH] Fix URL parsing to handle missing ports and ISO 8601
 timestamps in paths

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26303)
---
 crypto/http/http_lib.c                    | 10 ++--------
 test/http_test.c                          | 11 +++++++++++
 util/platform_symbols/unix-symbols.txt    |  1 +
 util/platform_symbols/windows-symbols.txt |  1 +
 4 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index 725ec190849..fcf8a69e07a 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -59,7 +59,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
     const char *user, *user_end;
     const char *host, *host_end;
     const char *port, *port_end;
-    unsigned int portnum;
+    unsigned int portnum = 0;
     const char *path, *path_end;
     const char *query, *query_end;
     const char *frag, *frag_end;
@@ -107,13 +107,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
         p = ++host_end;
     } else {
         /* look for start of optional port, path, query, or fragment */
-        host_end = strchr(host, ':');
-        if (host_end == NULL)
-            host_end = strchr(host, '/');
-        if (host_end == NULL)
-            host_end = strchr(host, '?');
-        if (host_end == NULL)
-            host_end = strchr(host, '#');
+        host_end = strpbrk(host, ":/?#");
         if (host_end == NULL) /* the remaining string is just the hostname */
             host_end = host + strlen(host);
         p = host_end;
diff --git a/test/http_test.c b/test/http_test.c
index 548af69535a..050db5b223a 100644
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -332,6 +332,16 @@ static int test_http_url_dns(void)
     return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path");
 }
 
+static int test_http_url_timestamp(void)
+{
+    return test_http_url_ok("host/p/2017-01-03T00:00:00", 0, "host", "80",
+                            "/p/2017-01-03T00:00:00")
+        && test_http_url_ok("http://host/p/2017-01-03T00:00:00", 0, "host",
+                            "80", "/p/2017-01-03T00:00:00")
+        && test_http_url_ok("https://host/p/2017-01-03T00:00:00", 1, "host",
+                            "443", "/p/2017-01-03T00:00:00");
+}
+
 static int test_http_url_path_query(void)
 {
     return test_http_url_path_query_ok("http://usr@host:1/p?q=x#frag", "/p?q=x")
@@ -559,6 +569,7 @@ int setup_tests(void)
         return 0;
 
     ADD_TEST(test_http_url_dns);
+    ADD_TEST(test_http_url_timestamp);
     ADD_TEST(test_http_url_path_query);
     ADD_TEST(test_http_url_userinfo_query_fragment);
     ADD_TEST(test_http_url_ipv4);
diff --git a/util/platform_symbols/unix-symbols.txt b/util/platform_symbols/unix-symbols.txt
index 0820d4f264e..d5d70802564 100644
--- a/util/platform_symbols/unix-symbols.txt
+++ b/util/platform_symbols/unix-symbols.txt
@@ -145,6 +145,7 @@ strdup
 strlen
 strncmp
 strncpy
+strpbrk
 strrchr
 strspn
 strstr
diff --git a/util/platform_symbols/windows-symbols.txt b/util/platform_symbols/windows-symbols.txt
index d0e6675a794..354528d47fa 100644
--- a/util/platform_symbols/windows-symbols.txt
+++ b/util/platform_symbols/windows-symbols.txt
@@ -125,6 +125,7 @@ tolower
 strspn
 strcspn
 strncpy
+strpbrk
 strncmp
 strcmp
 strcat_s
-- 
2.47.2