diff options
author | Daniel Stenberg <daniel@haxx.se> | 2017-11-17 16:48:37 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-11-22 11:14:06 +0100 |
commit | fa939220dfff7607ed7b0522b549ecb482a5e1ac (patch) | |
tree | 9bca9d18c034a82b117525900fb27a4aa37986af | |
parent | 9554c3c6e56e23153d4e1025b62c7a6402464a7c (diff) | |
download | curl-fa939220dfff7607ed7b0522b549ecb482a5e1ac.tar.gz |
url: reject ASCII control characters and space in host names
Host names like "127.0.0.1 moo" would otherwise be accepted by some
getaddrinfo() implementations.
Updated test 1034 and 1035 accordingly.
Fixes #2073
Closes #2092
-rw-r--r-- | lib/url.c | 49 | ||||
-rw-r--r-- | tests/data/test1034 | 25 | ||||
-rw-r--r-- | tests/data/test1035 | 21 |
3 files changed, 47 insertions, 48 deletions
@@ -1687,7 +1687,7 @@ static bool is_ASCII_name(const char *hostname) /* * Perform any necessary IDN conversion of hostname */ -static void fix_hostname(struct connectdata *conn, struct hostname *host) +static CURLcode fix_hostname(struct connectdata *conn, struct hostname *host) { size_t len; struct Curl_easy *data = conn->data; @@ -1727,9 +1727,11 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host) /* change the name pointer to point to the encoded hostname */ host->name = host->encalloc; } - else - infof(data, "Failed to convert %s to ACE; %s\n", host->name, + else { + failf(data, "Failed to convert %s to ACE; %s\n", host->name, idn2_strerror(rc)); + return CURLE_URL_MALFORMAT; + } } #elif defined(USE_WIN32_IDN) char *ace_hostname = NULL; @@ -1739,12 +1741,24 @@ static void fix_hostname(struct connectdata *conn, struct hostname *host) /* change the name pointer to point to the encoded hostname */ host->name = host->encalloc; } - else - infof(data, "Failed to convert %s to ACE;\n", host->name); + else { + failf(data, "Failed to convert %s to ACE;\n", host->name); + return CURLE_URL_MALFORMAT; + } #else infof(data, "IDN support not present, can't parse Unicode domains\n"); #endif } + { + char *hostp; + for(hostp = host->name; *hostp; hostp++) { + if(*hostp <= 32) { + failf(data, "Host name '%s' contains bad letter", host->name); + return CURLE_URL_MALFORMAT; + } + } + } + return CURLE_OK; } /* @@ -4178,13 +4192,24 @@ static CURLcode create_conn(struct Curl_easy *data, /************************************************************* * IDN-fix the hostnames *************************************************************/ - fix_hostname(conn, &conn->host); - if(conn->bits.conn_to_host) - fix_hostname(conn, &conn->conn_to_host); - if(conn->bits.httpproxy) - fix_hostname(conn, &conn->http_proxy.host); - if(conn->bits.socksproxy) - fix_hostname(conn, &conn->socks_proxy.host); + result = fix_hostname(conn, &conn->host); + if(result) + goto out; + if(conn->bits.conn_to_host) { + result = fix_hostname(conn, &conn->conn_to_host); + if(result) + goto out; + } + if(conn->bits.httpproxy) { + result = fix_hostname(conn, &conn->http_proxy.host); + if(result) + goto out; + } + if(conn->bits.socksproxy) { + result = fix_hostname(conn, &conn->socks_proxy.host); + if(result) + goto out; + } /************************************************************* * Check whether the host and the "connect to host" are equal. diff --git a/tests/data/test1034 b/tests/data/test1034 index 6c1beb671..beab0d3c0 100644 --- a/tests/data/test1034 +++ b/tests/data/test1034 @@ -13,24 +13,17 @@ config file # # Server-side <reply> -<data> -HTTP/1.0 503 Service Unavailable
-Date: Thu, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake swsclose
-Content-Type: text/html
-Funny-head: yesyes
-
-</data> </reply> # # Client-side <client> <server> -http +none </server> <features> idn +http </features> <setenv> LC_ALL= @@ -54,17 +47,9 @@ url = "http://invalid-utf8-â.local/page/1034" </client> # -# Verify data after the test has been "shot" <verify> -<strip> -^User-Agent:.* -</strip> -<protocol> -GET http://invalid-utf8-â.local/page/1034 HTTP/1.1
-Host: invalid-utf8-â.local
-Accept: */*
-Proxy-Connection: Keep-Alive
-
-</protocol> +<errorcode> +3 +</errorcode> </verify> </testcase> diff --git a/tests/data/test1035 b/tests/data/test1035 index 033a48a72..a316c51e1 100644 --- a/tests/data/test1035 +++ b/tests/data/test1035 @@ -12,24 +12,17 @@ FAILURE # # Server-side <reply> -<data> -HTTP/1.0 503 Service Unavailable
-Date: Thu, 09 Nov 2010 14:49:00 GMT
-Server: test-server/fake swsclose
-Content-Type: text/html
-Funny-head: yesyes
-
-</data> </reply> # # Client-side <client> <server> -http +none </server> <features> idn +http </features> <setenv> LC_ALL= @@ -52,12 +45,8 @@ http://too-long-IDN-name-cĂźrl-rĂźles-la-la-la-dee-da-flooby-nooby.local/page/10 <strip> ^User-Agent:.* </strip> -<protocol> -GET http://too-long-IDN-name-cĂźrl-rĂźles-la-la-la-dee-da-flooby-nooby.local/page/1035 HTTP/1.1
-Host: too-long-IDN-name-cĂźrl-rĂźles-la-la-la-dee-da-flooby-nooby.local
-Accept: */*
-Proxy-Connection: Keep-Alive
-
-</protocol> +<errorcode> +3 +</errorcode> </verify> </testcase> |