From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 31 Oct 2023 10:24:13 +0000 (+0100)
Subject: urlapi: avoid null deref if setting blank host to url encode
X-Git-Tag: curl-8_5_0~164
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c64d0d67fdb494178cf8ee9eab3096b27d38a9bd;p=thirdparty%2Fcurl.git

urlapi: avoid null deref if setting blank host to url encode

Reported-by: kirbyn17 on hackerone

Closes #12240
---

diff --git a/lib/urlapi.c b/lib/urlapi.c
index 91f615c3bc..be27b02332 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -1931,8 +1931,8 @@ nomem:
       }
     }
 
-    if(what == CURLUPART_HOST) {
-      size_t n = strlen(newp);
+    else if(what == CURLUPART_HOST) {
+      size_t n = Curl_dyn_len(&enc);
       if(!n && (flags & CURLU_NO_AUTHORITY)) {
         /* Skip hostname check, it's allowed to be empty. */
       }