urlapi: increase supported scheme length to 40 bytes

The longest currently registered URI scheme at IANA is 36 bytes long. Closes #3905 Closes #3900
author: Omar Ramadan <omar.ramadan93@gmail.com> 2019-05-18 16:48:00 -0700
committer: Daniel Stenberg <daniel@haxx.se> 2019-05-20 15:27:02 +0200
commit: c454d7f3f433954bcc8300b2a8dd7d9ed0a80d2f (patch)
tree: 36e40aa884aa5495af1c1f852a813ae0ba8625a3 /lib/urlapi.c
parent: 10db3ef21eef1c7a1727579952a81ced2f4afc8b (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 3fef2fcf7..d07e4f5df 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -652,7 +652,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
   char *fragment = NULL;
   CURLUcode result;
   bool url_has_scheme = FALSE;
-  char schemebuf[MAX_SCHEME_LEN];
+  char schemebuf[MAX_SCHEME_LEN + 1];
   char *schemep = NULL;
   size_t schemelen = 0;
   size_t urllen;
@@ -1217,6 +1217,9 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
 
   switch(what) {
   case CURLUPART_SCHEME:
+    if(strlen(part) > MAX_SCHEME_LEN)
+      /* too long */
+      return CURLUE_MALFORMED_INPUT;
     if(!(flags & CURLU_NON_SUPPORT_SCHEME) &&
        /* verify that it is a fine scheme */
        !Curl_builtin_scheme(part))
@@ -1279,7 +1282,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
     char *redired_url;
     CURLU *handle2;
 
-    if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN)) {
+    if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN + 1)) {
       handle2 = curl_url();
       if(!handle2)
         return CURLUE_OUT_OF_MEMORY;
author	Omar Ramadan <omar.ramadan93@gmail.com>	2019-05-18 16:48:00 -0700
committer	Daniel Stenberg <daniel@haxx.se>	2019-05-20 15:27:02 +0200
commit	c454d7f3f433954bcc8300b2a8dd7d9ed0a80d2f (patch)
tree	36e40aa884aa5495af1c1f852a813ae0ba8625a3 /lib/urlapi.c
parent	10db3ef21eef1c7a1727579952a81ced2f4afc8b (diff)