[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 80/116: URL: return error on malformed URLs with ju
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 80/116: URL: return error on malformed URLs with junk after IPv6 bracket |
|
Date: |
Tue, 05 Dec 2017 14:51:50 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit ae7369b6d04b96f4021e08bd7f61c9e86d64beaa
Author: Michael Kaufmann <address@hidden>
AuthorDate: Sun Nov 12 13:25:09 2017 +0100
URL: return error on malformed URLs with junk after IPv6 bracket
Follow-up to aadb7c7. Verified by new test 1263.
Closes #2072
---
lib/url.c | 8 +++++++-
tests/data/Makefile.inc | 2 +-
tests/data/test1263 | 37 +++++++++++++++++++++++++++++++++++++
3 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/lib/url.c b/lib/url.c
index 6d7d2d460..d2208d5eb 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3337,7 +3337,13 @@ static CURLcode parse_remote_port(struct Curl_easy *data,
portptr = strchr(conn->host.name, ']');
if(portptr) {
*portptr++ = '\0'; /* zero terminate, killing the bracket */
- if(':' != *portptr)
+ if(*portptr) {
+ if (*portptr != ':') {
+ failf(data, "IPv6 closing bracket followed by '%c'", *portptr);
+ return CURLE_URL_MALFORMAT;
+ }
+ }
+ else
portptr = NULL; /* no port number available */
}
}
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 08d911773..08a75ee32 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -134,7 +134,7 @@ test1228 test1229 test1230 test1231 test1232 test1233
test1234 test1235 \
test1236 test1237 test1238 test1239 test1240 test1241 test1242 test1243 \
test1244 test1245 test1246 test1247 test1248 test1249 test1250 test1251 \
test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 \
-test1260 test1261 test1262 \
+test1260 test1261 test1262 test1263 \
\
test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 \
test1288 test1289 test1290 test1291 \
diff --git a/tests/data/test1263 b/tests/data/test1263
new file mode 100644
index 000000000..7946916e2
--- /dev/null
+++ b/tests/data/test1263
@@ -0,0 +1,37 @@
+# similar to test 1260
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+</keywords>
+</info>
+
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<server>
+none
+</server>
+<features>
+http
+</features>
+ <name>
+HTTP URL with rubbish after IPv6 bracket
+ </name>
+ <command>
+-g "http://[%HOSTIP]test:%HTTPPORT/we/want/1263";
"http://[%HOSTIP][%HOSTIP]:%HTTPPORT/we/want/1263";
"http://address@hidden::address@hidden";
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# CURLE_URL_MALFORMAT == 3
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 81/116: RELEASE-NOTES: synced with ae7369b6d, (continued)
- [GNUnet-SVN] [gnurl] 81/116: RELEASE-NOTES: synced with ae7369b6d, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 60/116: content_encoding: do not write 0 length data, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 40/116: url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 86/116: examples/curlx: Fix code style, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 65/116: share: add support for sharing the connection cache, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 25/116: auth: add support for RFC7616 - HTTP Digest access authentication, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 87/116: BUGS: spellchecked, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 76/116: connect.c: remove executable bit on file, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 89/116: Curl_llist_remove: fix potential NULL pointer deref, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 82/116: TODO: ignore private IP addresses in PASV response, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 80/116: URL: return error on malformed URLs with junk after IPv6 bracket,
gnunet <=
- [GNUnet-SVN] [gnurl] 97/116: examples/rtsp: clear RANGE again after use, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 73/116: cmake: Add missing setmode check, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 84/116: macOS: Fix missing connectx function with Xcode version older than 9.0, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 105/116: test: add test for bad UNC/SMB path in file: URL, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 93/116: http2: fix "Value stored to 'end' is never read" scan-build error, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 94/116: Curl_open: fix OOM return error correctly, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 113/116: openssl: fix boringssl build again, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 110/116: global_init: ignore CURL_GLOBAL_SSL's absense, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 114/116: THANKS: added contributors from 7.57.0 release, gnunet, 2017/12/05
- [GNUnet-SVN] [gnurl] 88/116: ntlm: remove unnecessary NULL-check to please scan-build, gnunet, 2017/12/05