diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-11-22 10:11:59 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-11-23 08:45:21 +0100 |
commit | 3e6eb18fcea96dfb33af3a2f03ce65444e710ff0 (patch) | |
tree | 3547859b8bc6a5cde7745401463135b7244f00f5 | |
parent | ffb6a9e8a6a13c4fdd8df2134f64e377a57e25be (diff) | |
download | curl-3e6eb18fcea96dfb33af3a2f03ce65444e710ff0.tar.gz |
urlapi: reject short file URLs
file URLs that are 6 bytes or shorter are not complete. Return
CURLUE_MALFORMED_INPUT for those. Extended test 1560 to verify.
Triggered by #8041
Closes #8042
-rw-r--r-- | lib/urlapi.c | 4 | ||||
-rw-r--r-- | tests/libtest/lib1560.c | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/lib/urlapi.c b/lib/urlapi.c index b0bce2e7d..ff157c743 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -824,6 +824,10 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags) /* handle the file: scheme */ if(url_has_scheme && !strcmp(schemebuf, "file")) { + if(urllen <= 6) + /* file:/ is not enough to actually be a complete file: URL */ + return CURLUE_MALFORMED_INPUT; + /* path has been allocated large enough to hold this */ strcpy(path, &url[5]); diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c index de3e3109d..1cc1a60ec 100644 --- a/tests/libtest/lib1560.c +++ b/tests/libtest/lib1560.c @@ -267,6 +267,12 @@ static const struct testcase get_parts_list[] ={ {"file:/hello.html", "file | [11] | [12] | [13] | [14] | [15] | /hello.html | [16] | [17]", 0, 0, CURLUE_OK}, + {"file:/h", + "file | [11] | [12] | [13] | [14] | [15] | /h | [16] | [17]", + 0, 0, CURLUE_OK}, + {"file:/", + "file | [11] | [12] | [13] | [14] | [15] | | [16] | [17]", + 0, 0, CURLUE_MALFORMED_INPUT}, {"file://127.0.0.1/hello.html", "file | [11] | [12] | [13] | [14] | [15] | /hello.html | [16] | [17]", 0, 0, CURLUE_OK}, |