[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 131/222: urlapi: fix URL encoding when setting a full URL
|
From: |
gnunet |
|
Subject: |
[gnurl] 131/222: urlapi: fix URL encoding when setting a full URL |
|
Date: |
Thu, 07 Nov 2019 00:10:27 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 2c20109a9b5d0499a14a0226e68d55d027ecdb20
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Oct 1 09:53:28 2019 +0200
urlapi: fix URL encoding when setting a full URL
---
lib/urlapi.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 1c13077ec..a57c5e72e 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -851,6 +851,16 @@ static CURLUcode seturl(const char *url, CURLU *u,
unsigned int flags)
if(junkscan(path))
return CURLUE_MALFORMED_INPUT;
+ if((flags & CURLU_URLENCODE) && path[0]) {
+ /* worst case output length is 3x the original! */
+ char *newp = malloc(strlen(path) * 3);
+ if(!newp)
+ return CURLUE_OUT_OF_MEMORY;
+ path_alloced = TRUE;
+ strcpy_url(newp, path, TRUE); /* consider it relative */
+ path = newp;
+ }
+
fragment = strchr(path, '#');
if(fragment)
*fragment++ = 0;
@@ -865,11 +875,16 @@ static CURLUcode seturl(const char *url, CURLU *u,
unsigned int flags)
else if(!(flags & CURLU_PATH_AS_IS)) {
/* sanitise paths and remove ../ and ./ sequences according to RFC3986 */
char *newp = Curl_dedotdotify(path);
- if(!newp)
+ if(!newp) {
+ if(path_alloced)
+ free(path);
return CURLUE_OUT_OF_MEMORY;
+ }
if(strcmp(newp, path)) {
/* if we got a new version */
+ if(path_alloced)
+ free(path);
path = newp;
path_alloced = TRUE;
}
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [gnurl] 97/222: openssl: use strerror on SSL_ERROR_SYSCALL, (continued)
- [gnurl] 97/222: openssl: use strerror on SSL_ERROR_SYSCALL, gnunet, 2019/11/06
- [gnurl] 109/222: FTP: add test for FTPFILE_NOCWD: Avoid redundant CWDs, gnunet, 2019/11/06
- [gnurl] 127/222: chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error, gnunet, 2019/11/06
- [gnurl] 95/222: url: don't set appconnect time for non-ssl/non-ssh connections, gnunet, 2019/11/06
- [gnurl] 121/222: git: add tests/server/disabled to .gitignore, gnunet, 2019/11/06
- [gnurl] 122/222: AppVeyor: remove MSYS2_ARG_CONV_EXCL for winbuild, gnunet, 2019/11/06
- [gnurl] 125/222: urlapi: fix unused variable warning, gnunet, 2019/11/06
- [gnurl] 123/222: AppVeyor: add 32-bit MinGW-w64 build, gnunet, 2019/11/06
- [gnurl] 130/222: tool_operate: rename functions to make more sense, gnunet, 2019/11/06
- [gnurl] 129/222: curl: create easy handles on-demand and not ahead of time, gnunet, 2019/11/06
- [gnurl] 131/222: urlapi: fix URL encoding when setting a full URL,
gnunet <=
- [gnurl] 114/222: docs: disambiguate CURLUPART_HOST is for host name (ie no port), gnunet, 2019/11/06
- [gnurl] 132/222: redirect: when following redirects to an absolute URL, URL encode it, gnunet, 2019/11/06
- [gnurl] 99/222: HTTP3: show an --alt-svc using example too, gnunet, 2019/11/06
- [gnurl] 98/222: FTP: url-decode path before evaluation, gnunet, 2019/11/06
- [gnurl] 150/222: curl: --no-progress-meter, gnunet, 2019/11/06
- [gnurl] 128/222: CURLMOPT_MAX_CONCURRENT_STREAMS: new setopt, gnunet, 2019/11/06
- [gnurl] 137/222: cookie: avoid harmless use after free, gnunet, 2019/11/06
- [gnurl] 105/222: README: minor grammar fix, gnunet, 2019/11/06
- [gnurl] 103/222: quiche: don't close connection at end of stream!, gnunet, 2019/11/06
- [gnurl] 110/222: INSTALL: add vcpkg installation instructions, gnunet, 2019/11/06