url-parsing: reject CRLFs within URLs

author Daniel Stenberg <daniel@haxx.se>

Thu, 25 Dec 2014 22:55:03 +0000 (23:55 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 7 Jan 2015 21:55:56 +0000 (22:55 +0100)
author Daniel Stenberg <daniel@haxx.se>
Thu, 25 Dec 2014 22:55:03 +0000 (23:55 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 7 Jan 2015 21:55:56 +0000 (22:55 +0100)
diff --git a/lib/url.c b/lib/url.c

index 788f04849d64923de319f9c055a53f2ab036d4f5..d3bb5e0116e502dfe126333cb805cd8a4499dcc7 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -3842,6 +3842,13 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
  
    *prot_missing = FALSE;
  
+  /* We might pass the entire URL into the request so we need to make sure
+   * there are no bad characters in there.*/
+  if(strpbrk(data->change.url, "\r\n")) {
+    failf(data, "Illegal characters found in URL");
+    return CURLE_URL_MALFORMAT;
+  }
+
    /*************************************************************
     * Parse the URL.
     *
author	Daniel Stenberg <daniel@haxx.se>
	Thu, 25 Dec 2014 22:55:03 +0000 (23:55 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 7 Jan 2015 21:55:56 +0000 (22:55 +0100)