[GNUnet-SVN] [gnurl] 210/220: urlapi: verify the IPv6 numerical address

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 210/220: urlapi: verify the IPv6 numerical address

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 210/220: urlapi: verify the IPv6 numerical address
Date:	Thu, 12 Sep 2019 17:29:30 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit eab3c580f955c571253ab0ebd062b5f8c8d2b82f
Author: Daniel Stenberg <address@hidden>
AuthorDate: Wed Sep 4 23:49:30 2019 +0200

    urlapi: verify the IPv6 numerical address
    
    It needs to parse correctly. Otherwise it could be tricked into letting
    through a-f using host names that libcurl would then resolve. Like
    '[ab.be]'.
    
    Reported-by: Thomas Vegas
    Closes #4315
---
 lib/urlapi.c            | 17 +++++++++++++----
 tests/libtest/lib1560.c |  4 ++++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/lib/urlapi.c b/lib/urlapi.c
index d07e4f5df..03efccd7b 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -29,6 +29,7 @@
 #include "url.h"
 #include "escape.h"
 #include "curl_ctype.h"
+#include "inet_pton.h"
 
 /* The last 3 #include files should be in this order */
 #include "curl_printf.h"
@@ -591,20 +592,22 @@ static CURLUcode junkscan(char *part)
 
 static CURLUcode hostname_check(struct Curl_URL *u, char *hostname)
 {
-  const char *l = NULL; /* accepted characters */
   size_t len;
   size_t hlen = strlen(hostname);
 
   if(hostname[0] == '[') {
+    char dest[16]; /* fits a binary IPv6 address */
+    const char *l = "0123456789abcdefABCDEF::.";
     hostname++;
-    l = "0123456789abcdefABCDEF::.";
     hlen -= 2;
-  }
 
-  if(l) {
+    if(hostname[hlen] != ']')
+      return CURLUE_MALFORMED_INPUT;
+
     /* only valid letters are ok */
     len = strspn(hostname, l);
     if(hlen != len) {
+      hlen = len;
       if(hostname[len] == '%') {
         /* this could now be '%[zone id]' */
         char zoneid[16];
@@ -628,6 +631,12 @@ static CURLUcode hostname_check(struct Curl_URL *u, char 
*hostname)
         return CURLUE_MALFORMED_INPUT;
       /* hostname is fine */
     }
+#ifdef ENABLE_IPV6
+    hostname[hlen] = 0; /* end the address there */
+    if(1 != Curl_inet_pton(AF_INET6, hostname, dest))
+      return CURLUE_MALFORMED_INPUT;
+    hostname[hlen] = ']'; /* restore ending bracket */
+#endif
   }
   else {
     /* letters from the second string is not ok */
diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c
index 1185096d8..85884474e 100644
--- a/tests/libtest/lib1560.c
+++ b/tests/libtest/lib1560.c
@@ -140,6 +140,10 @@ static struct testcase get_parts_list[] ={
    "file | [11] | [12] | [13] | [14] | [15] | C:\\programs\\foo | [16] | [17]",
    CURLU_DEFAULT_SCHEME, 0, CURLUE_OK},
 #endif
+  {"http://[ab.be:1]/x";, "",
+   CURLU_DEFAULT_SCHEME, 0, CURLUE_MALFORMED_INPUT},
+  {"http://[ab.be]/x";, "",
+   CURLU_DEFAULT_SCHEME, 0, CURLUE_MALFORMED_INPUT},
   /* URL without host name */
   {"http://a:b@/x";, "",
    CURLU_DEFAULT_SCHEME, 0, CURLUE_NO_HOST},

-- 
To stop receiving notification emails like this one, please contact
address@hidden.

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 199/220: RELEASE-NOTES: synced, (continued)
- [GNUnet-SVN] [gnurl] 199/220: RELEASE-NOTES: synced, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 217/220: update sed script, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 151/220: http: remove chunked-encoding and expect header use for HTTP/3, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 189/220: CI: remove duplicate configure flag for LGTM.com, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 195/220: smtp: check for and bail out on too short EHLO response, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 205/220: Curl_fillreadbuffer: avoid double-free trailer buf on error, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 204/220: tool_setopt: handle a libcurl build without netrc support, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 194/220: smb: init *msg to NULL in smb_send_and_recv(), gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 207/220: sspi: fix memory leaks, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 209/220: openssl: use SSL_CTX_set_<min|max>_proto_version() when available, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 210/220: urlapi: verify the IPv6 numerical address, gnunet <=
- [GNUnet-SVN] [gnurl] 218/220: docs: curl->gnurl sed, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 220/220: doc: man 3 rename., gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 219/220: rename man 3 file, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 208/220: openssl: indent, re-organize and add comments, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 203/220: security:read_data fix bad realloc(), gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 196/220: cleanup: move functions out of url.c and make them static, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 214/220: RELEASE-NOTES: curl 7.66.0, gnunet, 2019/09/12
- [GNUnet-SVN] [gnurl] 216/220: Merge tag 'curl-7_66_0', gnunet, 2019/09/12

Prev by Date: [GNUnet-SVN] [gnurl] 209/220: openssl: use SSL_CTX_set_<min|max>_proto_version() when available
Next by Date: [GNUnet-SVN] [gnurl] 218/220: docs: curl->gnurl sed
Previous by thread: [GNUnet-SVN] [gnurl] 209/220: openssl: use SSL_CTX_set_<min|max>_proto_version() when available
Next by thread: [GNUnet-SVN] [gnurl] 218/220: docs: curl->gnurl sed
Index(es):
- Date
- Thread