diff options
author | Daniel Stenberg <daniel@haxx.se> | 2015-09-08 13:42:48 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-09-08 15:17:00 +0200 |
commit | 87e533ace035849c612968fbad0a55dc93a93185 (patch) | |
tree | d48637cde9df0d4e1da45a0a6bf6579089ab601b /lib | |
parent | 27620171ffe1a47735de706aa0b0a66d45f867ed (diff) |
parse_proxy: reject illegal port numbers
If the port number in the proxy string ended weirdly or the number is
too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
numerical address is used without enclosing brackets.
Also mention the bracket requirement for IPv6 numerical addresses to the
man page for CURLOPT_PROXY.
Closes #415
Reported-by: Marcel Raad
Diffstat (limited to 'lib')
-rw-r--r-- | lib/url.c | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -4640,10 +4640,24 @@ static CURLcode parse_proxy(struct SessionHandle *data, /* Get port number off proxy.server.com:1080 */ prox_portno = strchr(portptr, ':'); if(prox_portno) { + char *endp = NULL; + long port = 0; *prox_portno = 0x0; /* cut off number from host name */ prox_portno ++; /* now set the local port number */ - conn->port = strtol(prox_portno, NULL, 10); + port = strtol(prox_portno, &endp, 10); + if((endp && *endp && (*endp != '/') && (*endp != ' ')) || + (port >= 65536) ) { + /* meant to detect for example invalid IPv6 numerical addresses without + brackets: "2a00:fac0:a000::7:13". Accept a trailing slash only + because we then allow "URL style" with the number followed by a + slash, used in curl test cases already. Space is also an acceptable + terminating symbol. */ + infof(data, "No valid port number in proxy string (%s)\n", + prox_portno); + } + else + conn->port = port; } else { if(proxyptr[0]=='/') |