doh: allow only http and https in debug mode

Otherwise curl may be told to use for instance pop3 to communicate with the doh server, which most likely is not what you want. Found through fuzzing. Closes #4406
author: Paul Dreik <github@pauldreik.se> 2019-09-23 13:11:49 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2019-09-23 22:38:23 +0200
commit: a5bf6a36c53fd860c1e9ef92e60ec08a4ad8f8e7 (patch)
tree: 3549474be06c4bdd581bcbd5e78d9340982c647f
parent: bb7420180497f6087cd2d894253beb2532a0569e (diff)
download: curl-a5bf6a36c53fd860c1e9ef92e60ec08a4ad8f8e7.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/doh.c b/lib/doh.c
index 05a6cc235..196e89d93 100644
--- a/lib/doh.c
+++ b/lib/doh.c
@@ -264,6 +264,9 @@ static CURLcode dohprobe(struct Curl_easy *data,
 #ifndef CURLDEBUG
     /* enforce HTTPS if not debug */
     ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
+#else
+    /* in debug mode, also allow http */
+    ERROR_CHECK_SETOPT(CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS);
 #endif
     ERROR_CHECK_SETOPT(CURLOPT_TIMEOUT_MS, (long)timeout_ms);
     if(data->set.verbose)
author	Paul Dreik <github@pauldreik.se>	2019-09-23 13:11:49 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2019-09-23 22:38:23 +0200
commit	a5bf6a36c53fd860c1e9ef92e60ec08a4ad8f8e7 (patch)
tree	3549474be06c4bdd581bcbd5e78d9340982c647f
parent	bb7420180497f6087cd2d894253beb2532a0569e (diff)
download	curl-a5bf6a36c53fd860c1e9ef92e60ec08a4ad8f8e7.tar.gz