From: Amos Jeffries Date: Fri, 29 Apr 2011 06:55:52 +0000 (-0600) Subject: Bug 3183: Invalid URL accepted with url host part of only '@'. X-Git-Tag: SQUID_3_0_STABLE26~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df6d3b4252a3ec3634565a41c867f086784b6ce9;p=thirdparty%2Fsquid.git Bug 3183: Invalid URL accepted with url host part of only '@'. 3.0 results in an ICAP segfault handling these URLs. Newer releases do not segfault as easily, but still accept the invalid URL and there may be other unknown side-effects. Makes the URL parser present ERR_INVALID_URL for this edge case. --- diff --git a/src/url.cc b/src/url.cc index 647d03b017..e63cf5fce8 100644 --- a/src/url.cc +++ b/src/url.cc @@ -231,6 +231,12 @@ urlParse(method_t method, char *url, HttpRequest *request) if (*t != '\0') port = atoi(t); } + + // Bug 3183 sanity check: If scheme is present, host must be too. + if (protocol != PROTO_NONE && (host == NULL || *host == '\0')) { + debugs(23, DBG_IMPORTANT, "SECURITY WARNING: Missing hostname in URL '" << url << "'. see access.log for details."); + return NULL; + } } for (t = host; *t; t++)
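Review bot: The added debugs() call writes the client-supplied `url` unescaped into the log at DBG_IMPORTANT, so any client can trigger one "SECURITY WARNING" line per request and control part of its content. Consider escaping or truncating the URL before logging, and rate-limiting the message or logging it at a less prominent level. The `host == NULL` test in the new condition also looks inconsistent with the unchanged `for (t = host; *t; t++)` directly below, which dereferences `host` with no NULL check. If `host` can never be NULL here, the test can be dropped; otherwise the loop needs the same guard on any path that does not go through this block. Because the check sits inside the block that closes right after it, it is worth confirming that every path that sets `protocol` and `host` reaches it. Minor style point: "see access.log" in the message should start with a capital letter.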