From 657101ec0cb52ff6cd6acb8964d0d4715cf0f309 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 15 Aug 2022 09:17:24 +0200
Subject: [PATCH] url: reject URLs with hostnames longer than 65535 bytes

It *probably* causes other problems too since DNS can't resolve such
long names, but the SNI field in TLS is limited to 16 bits length.

Closes #9317
---
 lib/url.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/url.c b/lib/url.c
index 14a9200787..359e20a7cd 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2025,6 +2025,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data,
     if(!strcasecompare("file", data->state.up.scheme))
       return CURLE_OUT_OF_MEMORY;
   }
+  else if(strlen(data->state.up.hostname) > 0xffff) {
+    failf(data, "Too long host name");
+    return CURLE_URL_MALFORMAT;
+  }
 
 #ifndef CURL_DISABLE_HSTS
   if(data->hsts && strcasecompare("http", data->state.up.scheme)) {
-- 
2.47.3