diff options
author | Daniel Stenberg <daniel@haxx.se> | 2022-10-28 10:51:49 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-10-28 17:54:48 +0200 |
commit | b830f9ba9e94acf672cd191993ff679fa888838b (patch) | |
tree | 1befd373d5bb15417b6908056629e60c724e65fa /lib/noproxy.c | |
parent | d4fed2a13a81d23e73f1fb491c335a1b1d91e3fb (diff) | |
download | curl-b830f9ba9e94acf672cd191993ff679fa888838b.tar.gz |
noproxy: fix tail-matching
Also ignore trailing dots in both host name and comparison pattern.
Regression in 7.86.0 (from 1e9a538e05c0)
Extended test 1614 to verify better.
Reported-by: Henning Schild
Fixes #9821
Closes #9822
Diffstat (limited to 'lib/noproxy.c')
-rw-r--r-- | lib/noproxy.c | 30 |
1 files changed, 23 insertions, 7 deletions
diff --git a/lib/noproxy.c b/lib/noproxy.c index 58bc69a2d..2832ae166 100644 --- a/lib/noproxy.c +++ b/lib/noproxy.c @@ -153,9 +153,14 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) } else { unsigned int address; + namelen = strlen(name); if(1 == Curl_inet_pton(AF_INET, name, &address)) type = TYPE_IPV4; - namelen = strlen(name); + else { + /* ignore trailing dots in the host name */ + if(name[namelen - 1] == '.') + namelen--; + } } while(*p) { @@ -177,12 +182,23 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy) if(tokenlen) { switch(type) { case TYPE_HOST: - if(*token == '.') { - ++token; - --tokenlen; - /* tailmatch */ - match = (tokenlen <= namelen) && - strncasecompare(token, name + (namelen - tokenlen), namelen); + /* ignore trailing dots in the token to check */ + if(token[tokenlen - 1] == '.') + tokenlen--; + + if(tokenlen && (*token == '.')) { + /* A: example.com matches '.example.com' + B: www.example.com matches '.example.com' + C: nonexample.com DOES NOT match '.example.com' + */ + if((tokenlen - 1) == namelen) + /* case A, exact match without leading dot */ + match = strncasecompare(token + 1, name, namelen); + else if(tokenlen < namelen) + /* case B, tailmatch with leading dot */ + match = strncasecompare(token, name + (namelen - tokenlen), + tokenlen); + /* case C passes through, not a match */ } else match = (tokenlen == namelen) && |