diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2022-09-27 17:48:08 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2022-09-28 08:22:42 +0200 |
| commit | eb0167ff7d31d3a5e1f01e8b05e25b1bf94bb2a7 (patch) | |
| tree | 7f70e98728b2f772786c4180d6b07ca62865c92e /lib/urlapi.c | |
| parent | 267668308bca1253d3b415b6f95fa1515365002c (diff) | |
| download | curl-eb0167ff7d31d3a5e1f01e8b05e25b1bf94bb2a7.tar.gz | |
urlapi: reject more bad characters from the host name field
Extended test 1560 to verify
Report from the ongoing source code audit by Trail of Bits.
Closes #9608
Diffstat (limited to 'lib/urlapi.c')
| -rw-r--r-- | lib/urlapi.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/urlapi.c b/lib/urlapi.c index c28960ac1..b3c91a085 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -637,7 +637,7 @@ static CURLUcode hostname_check(struct Curl_URL *u, char *hostname, } else { /* letters from the second string are not ok */ - len = strcspn(hostname, " \r\n\t/:#?!@"); + len = strcspn(hostname, " \r\n\t/:#?!@{}[]\\$\'\"^`*<>=;,"); if(hlen != len) /* hostname with bad content */ return CURLUE_BAD_HOSTNAME; |