From cf3e6ce92f1c9686129d0fd4a5d39c0fb38792ec Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 24 Feb 2023 18:17:33 +0100
Subject: [PATCH] idn: return error if the conversion ends up with a blank host

Some IDN sequences are converted into "" (nothing), which can make this
function end up with a zero length host name and we cannot consider that
a valid host to continue with.

Reported-by: Maciej Domanski
Closes #10617
---
 lib/idn.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/idn.c b/lib/idn.c
index abba895c45..5f4b07e018 100644
--- a/lib/idn.c
+++ b/lib/idn.c
@@ -184,6 +184,11 @@ CURLcode Curl_idnconvert_hostname(struct hostname *host)
   if(!Curl_is_ASCII_name(host->name)) {
     char *decoded = idn_decode(host->name);
     if(decoded) {
+      if(!*decoded) {
+        /* zero length is a bad host name */
+        Curl_idn_free(decoded);
+        return CURLE_URL_MALFORMAT;
+      }
       /* successful */
       host->encalloc = decoded;
       /* change the name pointer to point to the encoded hostname */
-- 
2.47.3