From 51a281b4170d5efe663bd160f4dadeb1e7d6ad47 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sun, 18 Feb 2024 11:39:20 +0100
Subject: add more sanity checks

---
 src/util/url.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'src')

diff --git a/src/util/url.c b/src/util/url.c
index bf59ba6ec..593aa9b54 100644
--- a/src/util/url.c
+++ b/src/util/url.c
@@ -222,6 +222,25 @@ TALER_url_join (const char *base_url,
                 "Empty base URL specified\n");
     return NULL;
   }
+  if (NULL != strchr (base_url,
+                      '?'))
+  {
+    /* query parameters not supported */
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Query parameters not allowed in base URL `%s'\n",
+                base_url);
+    return NULL;
+  }
+  if (NULL != strchr (path,
+                      '?'))
+  {
+    /* query parameters not supported */
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Query parameters not allowed in path `%s'\n",
+                path);
+    return NULL;
+  }
+
   if ('\0' != path[0])
   {
     if ('/' != base_url[strlen (base_url) - 1])
-- 
cgit v1.2.3