diff options
-rw-r--r-- | lib/urlapi.c | 3 | ||||
-rw-r--r-- | tests/libtest/lib1560.c | 10 |
2 files changed, 13 insertions, 0 deletions
diff --git a/lib/urlapi.c b/lib/urlapi.c index 1b849aab5..d07e4f5df 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -1217,6 +1217,9 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, switch(what) { case CURLUPART_SCHEME: + if(strlen(part) > MAX_SCHEME_LEN) + /* too long */ + return CURLUE_MALFORMED_INPUT; if(!(flags & CURLU_NON_SUPPORT_SCHEME) && /* verify that it is a fine scheme */ !Curl_builtin_scheme(part)) diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c index 6d52bc902..1b72599ec 100644 --- a/tests/libtest/lib1560.c +++ b/tests/libtest/lib1560.c @@ -425,6 +425,16 @@ static int checkurl(const char *url, const char *out) /* !checksrc! disable SPACEBEFORECOMMA 1 */ static struct setcase set_parts_list[] = { + {"https://example.com/", + /* Set a 41 bytes scheme. That's too long so the old scheme remains set. */ + "scheme=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc,", + "https://example.com/", + 0, CURLU_NON_SUPPORT_SCHEME, CURLUE_OK, CURLUE_MALFORMED_INPUT}, + {"https://example.com/", + /* set a 40 bytes scheme */ + "scheme=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb,", + "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb://example.com/", + 0, CURLU_NON_SUPPORT_SCHEME, CURLUE_OK, CURLUE_OK}, {"https://[::1%25fake]:1234/", "zoneid=NULL,", "https://[::1]:1234/", |