author | Daniel Stenberg <daniel@haxx.se> | 2021-04-19 22:58:54 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-04-21 09:17:55 +0200 |
commit | 04488851e291ea0fc3f32e87ea637afcf1c2ca28 (patch) | |
tree | c08e26adf453232c65412e4d1a8a35f92a6e6dd1 /lib | |
parent | 9cb48457c6a9db533d6759a31a49ba13f1bc591b (diff) | |
download | curl-04488851e291ea0fc3f32e87ea637afcf1c2ca28.tar.gz |
urlapi: make sure no +/- signs are accepted in IPv4 numericals
Follow-up to 56a037cc0ad1b2. Extends test 1560 to verify.
Reported-by: Tuomas Siipola
Fixes #6916
Closes #6917
Diffstat (limited to 'lib')
-rw-r--r-- | lib/urlapi.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 340dc33df..6483208ec 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -686,7 +686,11 @@ static bool ipv4_normalize(const char *hostname, char *outp, size_t olen)
 while(!done) {
 char *endp;
- unsigned long l = strtoul(c, &endp, 0);
+ unsigned long l;
+ if((*c < '0') || (*c > '9'))
+ /* most importantly this doesn't allow a leading plus or minus */
+ return FALSE;
+ l = strtoul(c, &endp, 0);
 /* overflow or nothing parsed at all */
 if(((l == ULONG_MAX) && (errno == ERANGE)) || (endp == c))
|
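Review bot: The new comment sits between the unbraced `if` condition and its `return FALSE;`, which makes the single-statement body easy to break in a later edit; I would move it above the `if`. It could also state the full reason for the digit test: strtoul() skips leading whitespace and accepts an optional sign, so without the test a part such as `+1` or `-1` is parsed as a number and the host is normalized into an IPv4 address that other URL parsers or host allowlists may interpret differently. Suggested wording: `/* strtoul() skips whitespace and accepts a sign; require a leading digit in every part */`. Separately, the overflow test after the call relies on `errno == ERANGE`, and the hunk does not show `errno` being cleared before `strtoul()`; that is worth confirming in the part of ipv4_normalize that lies outside the hunk.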