aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2008-12-11 22:22:46 +0000
committerDaniel Stenberg <daniel@haxx.se>2008-12-11 22:22:46 +0000
commit1b4af1f8d821d3be0cb540e94f947841a967d70f (patch)
tree15d6bf94b355380fcf478bef8ec8e529a6160f1a
parent8e255534a1513584d2411b10b47ea1249d8aaedc (diff)
- Keshav Krity found out that libcurl failed to deal with dotted IPv6
addresses if they were very long (>39 letters) due to a too strict address validity parser. It now accepts addresses up to 45 bytes long.
-rw-r--r--CHANGES5
-rw-r--r--RELEASE-NOTES3
-rw-r--r--lib/url.c3
3 files changed, 9 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index 0f0f7029c..b428af81c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@
Changelog
Daniel Stenberg (11 Dec 2008)
+- Keshav Krity found out that libcurl failed to deal with dotted IPv6
+ addresses if they were very long (>39 letters) due to a too strict address
+ validity parser. It now accepts addresses up to 45 bytes long.
+
+Daniel Stenberg (11 Dec 2008)
- Internet Explorer had a broken HTTP digest authentication before v7 and
there are servers "out there" that relies on the client doing this broken
Digest authentication. Apache even comes with an option to work with such
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 06e3893d5..da0d98ba9 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -27,6 +27,7 @@ This release includes the following bugfixes:
o GSS authentication infinite loop problem
o 550 response from SIZE no longer treated as missing file
o ftps:// control connections now use explicit protection level
+ o dotted IPv6 addresses longer than 39 bytes failed
This release includes the following known bugs:
@@ -37,6 +38,6 @@ advice from friends like these:
Yang Tse, Daniel Fandrich, Jim Meyering, Christian Krause, Andreas Wurf,
Markus Koetter, Josef Wolf, Vlad Grachov, Pawel Kierski, Igor Novoseltsev,
- Fred Machado, Ken Hirsch
+ Fred Machado, Ken Hirsch, Keshav Krity
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/url.c b/lib/url.c
index 1cf8b08da..3e2b14e9d 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3724,7 +3724,8 @@ static CURLcode parse_remote_port(struct SessionHandle *data,
char *portptr;
char endbracket;
- if((1 == sscanf(conn->host.name, "[%*39[0123456789abcdefABCDEF:.%]%c", &endbracket)) &&
+ if((1 == sscanf(conn->host.name, "[%*45[0123456789abcdefABCDEF:.%]%c",
+ &endbracket)) &&
(']' == endbracket)) {
/* this is a RFC2732-style specified IP-address */
conn->bits.ipv6_ip = TRUE;