Validate raw-IPv4 when parsing hostnames (#2140)

diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
index 97121e4d65f33aabbefe0ba496aaf02668efb514..6527e6316c34558dc504e6e46b2c637b5586dae6 100644 (file)
--- a/src/anyp/Uri.cc
+++ b/src/anyp/Uri.cc
@@ -637,8 +637,20 @@ AnyP::Uri::parseHost(Parser::Tokenizer &tok) const
 
     // no brackets implies we are looking at IPv4address or reg-name
 
-    // XXX: This code does not detect/reject some bad host values (e.g. "!#$%&"
-    // and "1.2.3.4.5"). TODO: Add more checks here, after migrating the
+    static const CharacterSet IPv4chars = CharacterSet("period", ".") + CharacterSet::DIGIT;
+    SBuf ipv4ish; // IPv4address-ish
+    if (tok.prefix(ipv4ish, IPv4chars)) {
+        // This rejects non-IP addresses that our caller would have
+        // otherwise mistaken for a domain name (e.g., '127.0.0' or '1234.5').
+        Ip::Address ipCheck;
+        if (!ipCheck.fromHost(ipv4ish.c_str()))
+            throw TextException("malformed IP address in uri-host", Here());
+
+        return ipv4ish;
+    }
+
+    // XXX: This code does not detect/reject some bad host values (e.g. "!#$%&").
+    // TODO: Add more checks here, after migrating the
     // non-CONNECT uri-host parsing code to use us.
 
     SBuf otherHost; // IPv4address-ish or reg-name-ish;