urlapi: handle redirect without set scheme with default-scheme
authorDaniel Stenberg <daniel@haxx.se>
Fri, 15 May 2026 12:37:58 +0000 (14:37 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Sat, 16 May 2026 09:46:16 +0000 (11:46 +0200)
Verify in test 1921

Reported-by: mulan_dh on hackerone
Closes #21632

lib/urlapi.c
tests/data/Makefile.am
tests/data/test1921 [new file with mode: 0644]
tests/libtest/Makefile.inc
tests/libtest/lib1921.c [new file with mode: 0644]

index 2e7aa7824a75c11b02c183d8a95c00ddd1e8b29d..71f2756ca034b7cf0236685cb1d25475258bc9dc 100644 (file)
@@ -1231,9 +1231,12 @@ static CURLUcode redirect_url(const char *base, const char *relurl,
   const char *cutoff = NULL;
   size_t prelen;
   CURLUcode uc;
+  /* this can get here with a NULL u->scheme only if asked to use the default
+     scheme, so allow fallback to that */
+  const char *scheme = u->scheme ? u->scheme : DEFAULT_SCHEME;
 
   /* protsep points to the start of the hostname, after [scheme]:// */
-  const char *protsep = base + strlen(u->scheme) + 3;
+  const char *protsep = base + strlen(scheme) + 3;
   DEBUGASSERT(base && relurl && u); /* all set here */
   if(!base)
     return CURLUE_MALFORMED_INPUT; /* should never happen */
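Review bot: `protsep` is still computed as `base + strlen(scheme) + 3` without confirming that `base` actually starts with that scheme followed by `://`. With the new fallback the offset can come from `DEFAULT_SCHEME` instead of the handle, so it is only in bounds if the caller serialized `base` with the same default; that caller is outside this hunk, so this is an assumption worth pinning down. A debug-time guard placed after the `if(!base)` check would document and enforce it: `DEBUGASSERT(curl_strnequal(base, scheme, strlen(scheme)) && !strncmp(base + strlen(scheme), "://", 3));`. Moving the `protsep` assignment below the `if(!base)` return would also avoid doing pointer arithmetic on `base` before it is checked. The rest of redirect_url's body lies outside the hunk.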
index f9d0e769f675d9b16d52ab83d472220ff41beb24..9c63d7674e7b1b6cc428bea3357168b1fef892ad 100644 (file)
@@ -235,7 +235,7 @@ test1800 test1801 test1802 test1847 test1848 test1849 test1850 test1851 \
 \
 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 \
 test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
-test1916 test1917 test1918 test1919 test1920 \
+test1916 test1917 test1918 test1919 test1920 test1921 \
 \
 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test1940 \
 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
diff --git a/tests/data/test1921 b/tests/data/test1921
new file mode 100644 (file)
index 0000000..15a3fe1
--- /dev/null
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="US-ASCII"?>
+<testcase>
+<info>
+<keywords>
+urlapi
+</keywords>
+</info>
+
+# Client-side
+<client>
+
+<name>
+Set a URL without scheme, then redirect with default scheme
+</name>
+<tool>
+lib%TESTNUMBER
+</tool>
+
+<command>
+-
+</command>
+</client>
+
+<verify>
+<stdout mode="text">
+URL: https://example.com/newpath
+</stdout>
+</verify>
+
+</testcase>
index b412cbc9b281fc43c0db1a860557840d62cf91ed..734e7f30e95d9105bdf8476ecdd48be61791deb2 100644 (file)
@@ -102,7 +102,7 @@ TESTS_C = \
   lib1662.c \
   lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c \
   lib1908.c           lib1910.c lib1911.c lib1912.c lib1913.c \
-  lib1915.c lib1916.c           lib1918.c lib1919.c lib1920.c \
+  lib1915.c lib1916.c           lib1918.c lib1919.c lib1920.c lib1921.c \
   lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c \
   lib1940.c                                         lib1945.c \
   lib1947.c lib1948.c \
diff --git a/tests/libtest/lib1921.c b/tests/libtest/lib1921.c
new file mode 100644 (file)
index 0000000..8799c2d
--- /dev/null
@@ -0,0 +1,52 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ * SPDX-License-Identifier: curl
+ *
+ ***************************************************************************/
+#include "first.h"
+
+static CURLcode test_lib1921(const char *URL)
+{
+  CURLU *u = curl_url();
+  CURLUcode rc;
+  if(!u)
+    return CURLE_FAILED_INIT;
+  (void)URL; /* unused */
+  /* u->scheme remains NULL */
+  rc = curl_url_set(u, CURLUPART_HOST, "example.com", 0);
+  if(!rc)
+    rc = curl_url_set(u, CURLUPART_PATH, "/original", 0);
+
+  if(!rc)
+    /* Relative URL + CURLU_DEFAULT_SCHEME reaches redirect_url() */
+    rc = curl_url_set(u, CURLUPART_URL, "/newpath", CURLU_DEFAULT_SCHEME);
+
+  if(!rc) {
+    char *url;
+    rc = curl_url_get(u, CURLUPART_URL, &url, 0);
+    if(!rc) {
+      curl_mprintf("URL: %s\n", url);
+      curl_free(url);
+    }
+  }
+  curl_url_cleanup(u);
+  return rc ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
+}
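Review bot: Every `CURLUcode` failure in `test_lib1921` is folded into `CURLE_BAD_FUNCTION_ARGUMENT` with nothing printed, so a regression shows up only as a stdout mismatch, with no hint of which call failed or why. Emitting the code before cleanup would make a failing run self-explanatory, for example `if(rc) curl_mfprintf(stderr, "urlapi failed: %s\n", curl_url_strerror(rc));`. The test also exercises only an absolute-path redirect (`"/newpath"`); a second case with a path-relative target such as `"newpath"` would cover the other way the default-scheme offset is used, assuming redirect_url treats the two differently, which is not visible here.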