Fix URL parsing to handle missing ports and ISO 8601 timestamps in paths

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26303)

(cherry picked from commit 56910e7211363de26d3975635f4968c55de08eb6)

diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index e4537781047b6a870b50a915fa8aa0f7da81e845..4838d3ae2e6f52df1b47f65154e166747e918c5d 100644 (file)
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -59,7 +59,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
     const char *user, *user_end;
     const char *host, *host_end;
     const char *port, *port_end;
-    unsigned int portnum;
+    unsigned int portnum = 0;
     const char *path, *path_end;
     const char *query, *query_end;
     const char *frag, *frag_end;
@@ -107,13 +107,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
         p = ++host_end;
     } else {
         /* look for start of optional port, path, query, or fragment */
-        host_end = strchr(host, ':');
-        if (host_end == NULL)
-            host_end = strchr(host, '/');
-        if (host_end == NULL)
-            host_end = strchr(host, '?');
-        if (host_end == NULL)
-            host_end = strchr(host, '#');
+        host_end = strpbrk(host, ":/?#");
         if (host_end == NULL) /* the remaining string is just the hostname */
             host_end = host + strlen(host);
         p = host_end;

diff --git a/test/http_test.c b/test/http_test.c
index 61040be320bb704513ad957afd9ff7031f729b63..9ff0e423dff5fa1e2599919d047de1da6b7b2139 100644 (file)
--- a/test/http_test.c
+++ b/test/http_test.c
@@ -299,6 +299,16 @@ static int test_http_url_dns(void)
     return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path");
 }
 
+static int test_http_url_timestamp(void)
+{
+    return test_http_url_ok("host/p/2017-01-03T00:00:00", 0, "host", "80",
+                            "/p/2017-01-03T00:00:00")
+        && test_http_url_ok("http://host/p/2017-01-03T00:00:00", 0, "host",
+                            "80", "/p/2017-01-03T00:00:00")
+        && test_http_url_ok("https://host/p/2017-01-03T00:00:00", 1, "host",
+                            "443", "/p/2017-01-03T00:00:00");
+}
+
 static int test_http_url_path_query(void)
 {
     return test_http_url_path_query_ok("http://usr@host:1/p?q=x#frag", "/p?q=x")
@@ -496,6 +506,7 @@ int setup_tests(void)
         return 0;
 
     ADD_TEST(test_http_url_dns);
+    ADD_TEST(test_http_url_timestamp);
     ADD_TEST(test_http_url_path_query);
     ADD_TEST(test_http_url_userinfo_query_fragment);
     ADD_TEST(test_http_url_ipv4);

diff --git a/util/platform_symbols/unix-symbols.txt b/util/platform_symbols/unix-symbols.txt
index cb43fc4e241f53fd58bde8aac13618bc7beed393..c0c2a8e6ee959cf400fbf0ff00e2e6816acd591c 100644 (file)
--- a/util/platform_symbols/unix-symbols.txt
+++ b/util/platform_symbols/unix-symbols.txt
@@ -140,6 +140,7 @@ strdup
 strlen
 strncmp
 strncpy
+strpbrk
 strrchr
 strspn
 strstr

diff --git a/util/platform_symbols/windows-symbols.txt b/util/platform_symbols/windows-symbols.txt
index d838023f6f89bb7c899adb42596e01284be0d0a3..72a1dffb93719a4f2b23aade7805338c9af8e06f 100644 (file)
--- a/util/platform_symbols/windows-symbols.txt
+++ b/util/platform_symbols/windows-symbols.txt
@@ -125,6 +125,7 @@ tolower
 strspn
 strcspn
 strncpy
+strpbrk
 strncmp
 strcmp
 strcat_s