url-parsing: reject CRLFs within URLs

Bug: http://curl.haxx.se/docs/adv_20150108B.html Reported-by: Andrey Labunets
author: Daniel Stenberg <daniel@haxx.se> 2014-12-25 23:55:03 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2015-01-07 22:55:56 +0100
commit: 178bd7db34f77e020fb8562890c5625ccbd67093 (patch)
tree: 91533e1b0acddc41456cc249c9150a033f9bf95a
parent: f7d5ecec9c99d283a9a196eca88ba70560321eaf (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/url.c b/lib/url.c
index 788f04849..d3bb5e011 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3842,6 +3842,13 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data,
 
   *prot_missing = FALSE;
 
+  /* We might pass the entire URL into the request so we need to make sure
+   * there are no bad characters in there.*/
+  if(strpbrk(data->change.url, "\r\n")) {
+    failf(data, "Illegal characters found in URL");
+    return CURLE_URL_MALFORMAT;
+  }
+
   /*************************************************************
    * Parse the URL.
    *
author	Daniel Stenberg <daniel@haxx.se>	2014-12-25 23:55:03 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2015-01-07 22:55:56 +0100
commit	178bd7db34f77e020fb8562890c5625ccbd67093 (patch)
tree	91533e1b0acddc41456cc249c9150a033f9bf95a
parent	f7d5ecec9c99d283a9a196eca88ba70560321eaf (diff)