From b5acc2776b58d68c7d79155a8a19b5f0501d346e Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sun, 10 Apr 2011 14:00:38 +1200
Subject: [PATCH] Bug 3183: Invalid URL accepted with url host part of only '@'. 3.0 results in an ICAP segfault handling these URLs. Newer releases do not segfault as easily, but still accept the invalid URL and there may be other unknown side-effects. Makes the URL parser present ERR_INVALID_URL for this edge case.
---
 src/url.cc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/url.cc b/src/url.cc
index 2e63319b0e..8fdb920eed 100644
--- a/src/url.cc
+++ b/src/url.cc
@@ -326,6 +326,12 @@ urlParse(const HttpRequestMethod& method, char *url, HttpRequest *request)
 }
 }
+ // Bug 3183 sanity check: If scheme is present, host must be too.
+ if (protocol != AnyP::PROTO_NONE && (host == NULL || *host == '\0')) {
+ debugs(23, DBG_IMPORTANT, "SECURITY WARNING: Missing hostname in URL '" << url << "'. see access.log for details.");
+ return NULL;
+ }
+
 if (t && *t == ':') {
 *t = '\0';
 t++;
--
2.47.3
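Review bot: The added `debugs()` call writes the client-supplied `url` into cache.log at `DBG_IMPORTANT` for every rejected request, so a client that repeats the malformed URL can flood the log, and as far as the hunk shows the URL text reaches the log unescaped. Since the message already points to access.log for details, the warning could omit the URL and leave it to a more verbose level: `debugs(23, DBG_IMPORTANT, "SECURITY WARNING: Missing hostname in URL. see access.log for details.");` followed by `debugs(23, 3, "rejected URL '" << url << "'");`. The comment above the check could also name the input it guards against (a scheme followed by an empty host, such as the '@'-only host from the bug report). urlParse's body starts and ends outside the hunk, so whether `host` can actually be NULL at this point is not visible here.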