diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2020-12-04 17:27:57 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2020-12-07 00:50:49 +0100 |
| commit | abd846c374c5269809ce11740754bc6f00a0b193 (patch) | |
| tree | 29d4b2139f86ca3989bcb5431c4feb0f1d92b7b6 /tests | |
| parent | 2260e0ebe6d45529495231b3e37a0c58fb92a6a2 (diff) | |
| download | gnurl-abd846c374c5269809ce11740754bc6f00a0b193.tar.gz gnurl-abd846c374c5269809ce11740754bc6f00a0b193.tar.bz2 gnurl-abd846c374c5269809ce11740754bc6f00a0b193.zip | |
urlapi: don't accept blank port number field without scheme
... as it makes the URL parser accept "very-long-hostname://" as a valid
host name and we don't want that. The parser now only accepts a blank
(no digits) after the colon if the URL starts with a scheme.
Reported-by: d4d on hackerone
Closes #6283
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/data/test1653 | 2 | ||||
| -rw-r--r-- | tests/unit/unit1653.c | 40 |
2 files changed, 29 insertions, 13 deletions
diff --git a/tests/data/test1653 b/tests/data/test1653 index 59ec3f396..fff7f6e56 100644 --- a/tests/data/test1653 +++ b/tests/data/test1653 @@ -14,7 +14,7 @@ none unittest </features> <name> -urlapi +urlapi port number parsing </name> </client> </testcase> diff --git a/tests/unit/unit1653.c b/tests/unit/unit1653.c index d245ea6ec..7d02ae6de 100644 --- a/tests/unit/unit1653.c +++ b/tests/unit/unit1653.c @@ -55,7 +55,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15]"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret == CURLUE_OK, "Curl_parse_port returned error"); ret = curl_url_get(u, CURLUPART_PORT, &portnum, CURLU_NO_DEFAULT_PORT); fail_unless(ret != CURLUE_OK, "curl_url_get portnum returned something"); @@ -69,7 +69,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15|"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret != CURLUE_OK, "Curl_parse_port true on error"); free_and_clear(ipv6port); curl_url_cleanup(u); @@ -80,7 +80,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff;fea7:da15]:80"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret != CURLUE_OK, "Curl_parse_port true on error"); free_and_clear(ipv6port); curl_url_cleanup(u); @@ -92,7 +92,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15%25eth3]:80"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret == CURLUE_OK, "Curl_parse_port returned error"); ret = curl_url_get(u, CURLUPART_PORT, &portnum, 0); fail_unless(ret == CURLUE_OK, "curl_url_get portnum returned error"); @@ -108,7 +108,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15%25eth3]"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret == CURLUE_OK, "Curl_parse_port returned error"); free_and_clear(ipv6port); curl_url_cleanup(u); @@ -120,7 +120,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15]:81"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret == CURLUE_OK, "Curl_parse_port returned error"); ret = curl_url_get(u, CURLUPART_PORT, &portnum, 0); fail_unless(ret == CURLUE_OK, "curl_url_get portnum returned error"); @@ -136,7 +136,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15];81"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret != CURLUE_OK, "Curl_parse_port true on error"); free_and_clear(ipv6port); curl_url_cleanup(u); @@ -147,19 +147,20 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15]80"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret != CURLUE_OK, "Curl_parse_port true on error"); free_and_clear(ipv6port); curl_url_cleanup(u); - /* Valid IPv6 with no port after the colon, should use default */ + /* Valid IPv6 with no port after the colon, should use default if a scheme + was used in the URL */ u = curl_url(); if(!u) goto fail; ipv6port = strdup("[fe80::250:56ff:fea7:da15]:"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, TRUE); fail_unless(ret == CURLUE_OK, "Curl_parse_port returned error"); free_and_clear(ipv6port); curl_url_cleanup(u); @@ -171,7 +172,7 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15!25eth3]:80"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret != CURLUE_OK, "Curl_parse_port returned non-error"); free_and_clear(ipv6port); curl_url_cleanup(u); @@ -183,10 +184,25 @@ UNITTEST_START ipv6port = strdup("[fe80::250:56ff:fea7:da15%eth3]:80"); if(!ipv6port) goto fail; - ret = Curl_parse_port(u, ipv6port); + ret = Curl_parse_port(u, ipv6port, FALSE); fail_unless(ret == CURLUE_OK, "Curl_parse_port returned error"); + free_and_clear(ipv6port); + curl_url_cleanup(u); + + /* No scheme and no digits following the colon - not accepted. Because that + makes (a*50):// that looks like a scheme be an acceptable input. */ + u = curl_url(); + if(!u) + goto fail; + ipv6port = strdup("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaa:"); + if(!ipv6port) + goto fail; + ret = Curl_parse_port(u, ipv6port, FALSE); + fail_unless(ret == CURLUE_BAD_PORT_NUMBER, "Curl_parse_port did wrong"); fail: free(ipv6port); curl_url_cleanup(u); + } UNITTEST_STOP |