diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2017-02-10 10:50:19 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2017-02-10 14:51:53 +0100 |
| commit | c5c4e816b461f69fa21699841a8ddd883cf4b46a (patch) | |
| tree | 8bc4675863dd64b7cfb60a2b768946922d1b76a6 /lib | |
| parent | 7017c421a1683a809c7cc18459a16bafc736626f (diff) | |
| download | curl-c5c4e816b461f69fa21699841a8ddd883cf4b46a.tar.gz | |
URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
Fixes #1252
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/imap.c | 5 | ||||
| -rw-r--r-- | lib/pop3.c | 7 | ||||
| -rw-r--r-- | lib/smtp.c | 7 | ||||
| -rw-r--r-- | lib/url.c | 15 | ||||
| -rw-r--r-- | lib/urldata.h | 4 |
5 files changed, 25 insertions, 13 deletions
diff --git a/lib/imap.c b/lib/imap.c index 980002d97..44d350be2 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -130,7 +130,8 @@ const struct Curl_handler Curl_handler_imap = { ZERO_NULL, /* readwrite */ PORT_IMAP, /* defport */ CURLPROTO_IMAP, /* protocol */ - PROTOPT_CLOSEACTION /* flags */ + PROTOPT_CLOSEACTION| /* flags */ + PROTOPT_URLOPTIONS }; #ifdef USE_SSL diff --git a/lib/pop3.c b/lib/pop3.c index 433421a7b..3feb3be83 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -127,7 +127,8 @@ const struct Curl_handler Curl_handler_pop3 = { ZERO_NULL, /* readwrite */ PORT_POP3, /* defport */ CURLPROTO_POP3, /* protocol */ - PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */ + PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY | /* flags */ + PROTOPT_URLOPTIONS }; #ifdef USE_SSL @@ -153,7 +154,7 @@ const struct Curl_handler Curl_handler_pop3s = { PORT_POP3S, /* defport */ CURLPROTO_POP3S, /* protocol */ PROTOPT_CLOSEACTION | PROTOPT_SSL - | PROTOPT_NOURLQUERY /* flags */ + | PROTOPT_NOURLQUERY | PROTOPT_URLOPTIONS /* flags */ }; #endif diff --git a/lib/smtp.c b/lib/smtp.c index bc9ccdf19..adc346a69 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -126,7 +126,8 @@ const struct Curl_handler Curl_handler_smtp = { ZERO_NULL, /* readwrite */ PORT_SMTP, /* defport */ CURLPROTO_SMTP, /* protocol */ - PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY /* flags */ + PROTOPT_CLOSEACTION | PROTOPT_NOURLQUERY | /* flags */ + PROTOPT_URLOPTIONS }; #ifdef USE_SSL @@ -152,7 +153,7 @@ const struct Curl_handler Curl_handler_smtps = { PORT_SMTPS, /* defport */ CURLPROTO_SMTPS, /* protocol */ PROTOPT_CLOSEACTION | PROTOPT_SSL - | PROTOPT_NOURLQUERY /* flags */ + | PROTOPT_NOURLQUERY | PROTOPT_URLOPTIONS /* flags */ }; #endif @@ -4613,6 +4613,10 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, data->change.url_alloc = TRUE; /* free this later */ } + result = findprotocol(data, conn, protop); + if(result) + return result; + /* * Parse the login details from the URL and strip them out of * the host name @@ -4699,8 +4703,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, * conn->host.name is B * data->state.path is /C */ - - return findprotocol(data, conn, protop); + return CURLE_OK; } /* @@ -5206,6 +5209,7 @@ static CURLcode parse_url_login(struct Curl_easy *data, DEBUGASSERT(!**user); DEBUGASSERT(!**passwd); DEBUGASSERT(!**options); + DEBUGASSERT(conn->handler); if(!ptr) goto out; @@ -5224,9 +5228,12 @@ static CURLcode parse_url_login(struct Curl_easy *data, if(data->set.use_netrc == CURL_NETRC_REQUIRED) goto out; - /* We could use the login information in the URL so extract it */ + /* We could use the login information in the URL so extract it. Only parse + options if the handler says we should. */ result = parse_login_details(login, ptr - login - 1, - &userp, &passwdp, &optionsp); + &userp, &passwdp, + (conn->handler->flags & PROTOPT_URLOPTIONS)? + &optionsp:NULL); if(result) goto out; diff --git a/lib/urldata.h b/lib/urldata.h index 20057effa..e37b566a5 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -845,6 +845,8 @@ struct Curl_handler { request instead of per connection */ #define PROTOPT_ALPN_NPN (1<<8) /* set ALPN and/or NPN for this */ #define PROTOPT_STREAM (1<<9) /* a protocol with individual logical streams */ +#define PROTOPT_URLOPTIONS (1<<10) /* allow options part in the userinfo field + of the URL */ /* return the count of bytes sent, or -1 on error */ typedef ssize_t (Curl_send)(struct connectdata *conn, /* connection data */ |