]> git.ipfire.org Git - thirdparty/curl.git/commitdiff
projects / thirdparty / curl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fa461b4)
urlapi: verify URL *decoded* hostname when set
authorDaniel Stenberg <daniel@haxx.se>
Fri, 23 Aug 2024 08:41:26 +0000 (10:41 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 23 Aug 2024 11:55:13 +0000 (13:55 +0200)
It was previously wrongly verifying the input in its URL encoded format
when setting the hostname component with curl_url_set(), so it wrongly
rejected '%'.

Now it URL decodes the name appropriately before the check.

Added tests to lib1560 to verify that a fine %-code is okay and that a
bad %-code (that decodes to '%') is rejected.

Regression from 0a0c9b6dfa0de4a4c, shipped in 8.0.0

Fixes #14656
Reported-by: Venkat Krishna R
Closes #14657

lib/urlapi.c patch | blob | blame | history
tests/libtest/lib1560.c patch | blob | blame | history

diff --git a/lib/urlapi.c b/lib/urlapi.c
index 00e12e645e871058da5d47a9c5b804ce84e3550f..3d4a3f94b85eebbd796e9e19f3cdbc90b81715b8 100644 (file)
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -1991,7 +1991,23 @@ nomem:
         /* Skip hostname check, it is allowed to be empty. */
       }
       else {
-        if(!n || hostname_check(u, (char *)newp, n)) {
+        bool bad = FALSE;
+        if(!n)
+          bad = TRUE; /* empty hostname is not okay */
+        else if(!urlencode) {
+          /* if the host name part was not URL encoded here, it was set ready
+             URL encoded so we need to decode it to check */
+          size_t dlen;
+          char *decoded = NULL;
+          CURLcode result =
+            Curl_urldecode(newp, n, &decoded, &dlen, REJECT_CTRL);
+          if(result || hostname_check(u, decoded, dlen))
+            bad = TRUE;
+          free(decoded);
+        }
+        else if(hostname_check(u, (char *)newp, n))
+          bad = TRUE;
+        if(bad) {
           Curl_dyn_free(&enc);
           return CURLUE_BAD_HOSTNAME;
         }
diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
index 0109d6edd204ba54ff001c6d4ac04bcd2b87f415..2956ce9b5072570f823ac8a265409e8299346b99 100644 (file)
--- a/tests/libtest/lib1560.c
+++ b/tests/libtest/lib1560.c
@@ -838,6 +838,14 @@ static const struct setgetcase setget_parts_list[] = {
 
 /* !checksrc! disable SPACEBEFORECOMMA 1 */
 static const struct setcase set_parts_list[] = {
+  {"https://example.com/",
+   "host=%43url.se,",
+   "https://%43url.se/",
+   0, 0, CURLUE_OK, CURLUE_OK},
+  {"https://example.com/",
+   "host=%25url.se,",
+   "",
+   0, 0, CURLUE_OK, CURLUE_BAD_HOSTNAME},
   {"https://example.com/?param=value",
    "query=\"\",",
    "https://example.com/",
Mirror of https://github.com/curl/curl.git