From a74a20a673b85969ff04fce1f9cc047611ccec43 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 20 May 2019 10:24:18 +0200 Subject: fixup also prevent curl_url_set() to set a too long scheme --- lib/urlapi.c | 3 +++ tests/libtest/lib1560.c | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/lib/urlapi.c b/lib/urlapi.c index 1b849aab5..d07e4f5df 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -1217,6 +1217,9 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, switch(what) { case CURLUPART_SCHEME: + if(strlen(part) > MAX_SCHEME_LEN) + /* too long */ + return CURLUE_MALFORMED_INPUT; if(!(flags & CURLU_NON_SUPPORT_SCHEME) && /* verify that it is a fine scheme */ !Curl_builtin_scheme(part)) diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c index 6d52bc902..1b72599ec 100644 --- a/tests/libtest/lib1560.c +++ b/tests/libtest/lib1560.c @@ -425,6 +425,16 @@ static int checkurl(const char *url, const char *out) /* !checksrc! disable SPACEBEFORECOMMA 1 */ static struct setcase set_parts_list[] = { + {"https://example.com/", + /* Set a 41 bytes scheme. That's too long so the old scheme remains set. */ + "scheme=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbc,", + "https://example.com/", + 0, CURLU_NON_SUPPORT_SCHEME, CURLUE_OK, CURLUE_MALFORMED_INPUT}, + {"https://example.com/", + /* set a 40 bytes scheme */ + "scheme=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb,", + "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb://example.com/", + 0, CURLU_NON_SUPPORT_SCHEME, CURLUE_OK, CURLUE_OK}, {"https://[::1%25fake]:1234/", "zoneid=NULL,", "https://[::1]:1234/", -- cgit v1.2.1