summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-12-11 16:08:51 +0100
committerDaniel Stenberg <daniel@haxx.se>2018-12-12 07:58:47 +0100
commit435402cfe3f6e50b08e344211878d800184b5eb8 (patch)
treee4ceb2ca5ba9d6d36821686e10d6eabd2370fbdc /lib
parentecb2e194d45c92e430bcf133fcee85a8a336cfcb (diff)
downloadcurl-435402cfe3f6e50b08e344211878d800184b5eb8.tar.gz
Curl_follow: extract the Location: header field unvalidated
... when not actually following the redirect. Otherwise we return error for this and an application can't extract the value. Test 1518 added to verify. Reported-by: Pavel Pavlov Fixes #3340 Closes #3364
Diffstat (limited to 'lib')
-rw-r--r--lib/transfer.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/lib/transfer.c b/lib/transfer.c
index 5b1af4ebe..6390821bb 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -1534,12 +1534,22 @@ CURLcode Curl_follow(struct Curl_easy *data,
DEBUGASSERT(data->state.uh);
uc = curl_url_set(data->state.uh, CURLUPART_URL, newurl,
(type == FOLLOW_FAKE) ? CURLU_NON_SUPPORT_SCHEME : 0);
- if(uc)
- return Curl_uc_to_curlcode(uc);
+ if(uc) {
+ if(type != FOLLOW_FAKE)
+ return Curl_uc_to_curlcode(uc);
+
+ /* the URL could not be parsed for some reason, but since this is FAKE
+ mode, just duplicate the field as-is */
+ newurl = strdup(newurl);
+ if(!newurl)
+ return CURLE_OUT_OF_MEMORY;
+ }
+ else {
- uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
- if(uc)
- return Curl_uc_to_curlcode(uc);
+ uc = curl_url_get(data->state.uh, CURLUPART_URL, &newurl, 0);
+ if(uc)
+ return Curl_uc_to_curlcode(uc);
+ }
if(type == FOLLOW_FAKE) {
/* we're only figuring out the new url if we would've followed locations