delta/curl.git/lib/urlapi.c, branch bagder/configure-dis-https-proxy github.com: bagder/curl.git urlapi: use more Curl_safefree 2020-09-17T07:44:36+00:00 Emil Engler me@emilengler.com 2020-09-16T19:33:27+00:00 c0f0e400e0bc43cbe8c42c6937ed0ac743a8d81a Closes #5968 
Closes #5968
terminology: call them null-terminated strings 2020-06-27T22:31:24+00:00 Daniel Stenberg daniel@haxx.se 2020-06-25T09:38:25+00:00 032e838b73578e9a5e8d2cf2ca0f5f2097006060 Updated terminology in docs, comments and phrases to refer to C strings as "null-terminated". Done to unify with how most other C oriented docs refer of them and what users in general seem to prefer (based on a single highly unscientific poll on twitter). Reported-by: coinhubs on github Fixes #5598 Closes #5608 
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer of them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).

Reported-by: coinhubs on github
Fixes #5598
Closes #5608
escape: make the URL decode able to reject only %00 bytes 2020-06-25T07:57:18+00:00 Daniel Stenberg daniel@haxx.se 2020-06-23T14:13:50+00:00 31e53584db5879894809fbde5445aac7553ac3e2 ... or all "control codes" or nothing. Assisted-by: Nicolas Sterchele 
... or all "control codes" or nothing.

Assisted-by: Nicolas Sterchele
urlapi: accept :: as a valid IPv6 address 2020-05-08T06:47:29+00:00 Daniel Stenberg daniel@haxx.se 2020-05-07T10:24:27+00:00 7f1c098728529b206e9118dcbccfd2611f8a70e4 Text 1560 is extended to verify. Reported-by: Pavel Volgarev Fixes #5344 Closes #5351 
Text 1560 is extended to verify.

Reported-by: Pavel Volgarev
Fixes #5344
Closes #5351
urlapi: guess scheme correct even with credentials given 2020-01-28T07:40:16+00:00 Daniel Stenberg daniel@haxx.se 2020-01-27T16:28:40+00:00 d3dc0a07e9bd11afaac026802a9701f0796de780 In the "scheme-less" parsing case, we need to strip off credentials first before we guess scheme based on the host name! Assisted-by: Jay Satiro Fixes #4856 Closes #4857 
In the "scheme-less" parsing case, we need to strip off credentials
first before we guess scheme based on the host name!

Assisted-by: Jay Satiro
Fixes #4856
Closes #4857
urlapi: fix use-after-free bug 2019-10-03T20:54:26+00:00 Daniel Stenberg daniel@haxx.se 2019-10-03T11:24:43+00:00 02c6b984cb7a2e01f290544a53a24d30fc7ab32e Follow-up from 2c20109a9b5d04 Added test 663 to verify. Reported by OSS-Fuzz Bug: https://crbug.com/oss-fuzz/17954 Closes #4453 
Follow-up from 2c20109a9b5d04

Added test 663 to verify.

Reported by OSS-Fuzz
Bug: https://crbug.com/oss-fuzz/17954

Closes #4453
urlapi: fix URL encoding when setting a full URL 2019-10-02T05:53:17+00:00 Daniel Stenberg daniel@haxx.se 2019-10-01T07:53:28+00:00 2c20109a9b5d0499a14a0226e68d55d027ecdb20 






urlapi: fix unused variable warning
2019-10-01T08:47:41+00:00

Marcel Raad
Marcel.Raad@teamviewer.com

2019-09-30T22:26:03+00:00

0f62c9af8bc24245a352363d614b8cf848a43e06

`dest` is only used with `ENABLE_IPV6`.

Closes https://github.com/curl/curl/pull/4444





`dest` is only used with `ENABLE_IPV6`.

Closes https://github.com/curl/curl/pull/4444







urlapi: question mark within fragment is still fragment
2019-09-24T21:30:43+00:00

Daniel Stenberg
daniel@haxx.se

2019-09-24T12:45:27+00:00

6e7733f7884e82e486971260f078f6cbcbeac552

The parser would check for a query part before fragment, which caused it
to do wrong when the fragment contains a question mark.

Extended test 1560 to verify.

Reported-by: Alex Konev
Fixes #4412
Closes #4413





The parser would check for a query part before fragment, which caused it
to do wrong when the fragment contains a question mark.

Extended test 1560 to verify.

Reported-by: Alex Konev
Fixes #4412
Closes #4413







urlapi: avoid index underflow for short ipv6 hostnames
2019-09-21T13:57:17+00:00

Paul Dreik
github@pauldreik.se

2019-09-20T11:25:20+00:00

47066036a084a9ba0caf46db24072a429c44fabb

If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.

hostname[hlen] will then cause a warning by ubsanitizer:

runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>

I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".

This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)

int main() {
  char* hostname=strdup("[");
  size_t hlen = strlen(hostname);

  hlen-=2;
  hostname++;
  printf("character is %d\n",+hostname[hlen]);
  free(hostname-1);
}

I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.

Closes #4389





If the input hostname is "[", hlen will underflow to max of size_t when
it is subtracted with 2.

hostname[hlen] will then cause a warning by ubsanitizer:

runtime error: addition of unsigned offset to 0x<snip> overflowed to
0x<snip>

I think that in practice, the generated code will work, and the output
of hostname[hlen] will be the first character "[".

This can be demonstrated by the following program (tested in both clang
and gcc, with -O3)

int main() {
  char* hostname=strdup("[");
  size_t hlen = strlen(hostname);

  hlen-=2;
  hostname++;
  printf("character is %d\n",+hostname[hlen]);
  free(hostname-1);
}

I found this through fuzzing, and even if it seems harmless, the proper
thing is to return early with an error.

Closes #4389