urlapi: reject more bad characters from the host name field
authorDaniel Stenberg <daniel@haxx.se>
Tue, 27 Sep 2022 15:48:08 +0000 (17:48 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Wed, 28 Sep 2022 06:22:42 +0000 (08:22 +0200)
Extended test 1560 to verify

Report from the ongoing source code audit by Trail of Bits.

Closes #9608

lib/urlapi.c
tests/libtest/lib1560.c

index c28960ac107b807da1e1f293b9a1bcb0db285363..b3c91a085dfa0534169820f9773e7615b962299b 100644 (file)
@@ -637,7 +637,7 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname,
   }
   else {
     /* letters from the second string are not ok */
-    len = strcspn(hostname, " \r\n\t/:#?!@");
+    len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,");
     if(hlen != len)
       /* hostname with bad content */
       return CURLUE_BAD_HOSTNAME;
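Review bot: The reject set passed to `strcspn()` is still a denylist, and as written it lets `|`, `&`, `(` and `)` through, along with control bytes other than `\r`, `\n` and `\t`, unless those are filtered somewhere outside this hunk. Host names routinely end up in log lines, `Host:` headers and command lines assembled by callers, so an allowlist of the bytes a host name may legitimately contain would be easier to audit than extending this string one report at a time. If the denylist stays, consider appending `|&()` to it and replacing the existing comment with `/* reject any byte from this set: none is valid in a host name */`. hostname_check() starts and ends outside this hunk, so an earlier filter may already cover some of these bytes.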
index e4acc3d74299dd357b42b181ede643893677aeee..4016266bfc3d1e2304e84e05701b58152cbf219e 100644 (file)
@@ -138,6 +138,26 @@ struct clearurlcase {
 };
 
 static const struct testcase get_parts_list[] ={
+  {"https://exam{}[]ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam{ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam}ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam]ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam\\ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam$ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam'ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam\"ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam^ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam`ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam*ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam<ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam>ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam=ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://exam;ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://example,net", "", 0, 0, CURLUE_BAD_HOSTNAME},
+  {"https://example.net/}",
+   "https | [11] | [12] | [13] | example.net | [15] | /} | [16] | [17]",
+   0, 0, CURLUE_OK},
+
   /* blank user is blank */
   {"https://:password@example.net",
    "https |  | password | [13] | example.net | [15] | / | [16] | [17]",
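Review bot: `[` is never exercised on its own in the new `get_parts_list` entries. The only input containing it is `https://exam{}[]ple.net`, which would already be rejected on `{`, so a regression that dropped `[` from the reject set would go unnoticed. Add a dedicated case next to the `]` one, `{"https://exam[ple.net", "", 0, 0, CURLUE_BAD_HOSTNAME},`, assuming a mid-name `[` reaches the same strcspn() branch as the other characters. The array continues past the end of this hunk.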