aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/urlapi-int.h7
-rw-r--r--lib/urlapi.c7
2 files changed, 8 insertions, 6 deletions
diff --git a/lib/urlapi-int.h b/lib/urlapi-int.h
index 75a360542..5f059c203 100644
--- a/lib/urlapi-int.h
+++ b/lib/urlapi-int.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -22,9 +22,8 @@
*
***************************************************************************/
#include "curl_setup.h"
-/* scheme is not URL encoded, the longest libcurl supported ones are 6
- letters */
-#define MAX_SCHEME_LEN 8
+/* scheme is not URL encoded, the longest libcurl supported ones are... */
+#define MAX_SCHEME_LEN 40
bool Curl_is_absolute_url(const char *url, char *scheme, size_t buflen);
char *Curl_concat_url(const char *base, const char *relurl);
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 3fef2fcf7..d07e4f5df 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -652,7 +652,7 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
char *fragment = NULL;
CURLUcode result;
bool url_has_scheme = FALSE;
- char schemebuf[MAX_SCHEME_LEN];
+ char schemebuf[MAX_SCHEME_LEN + 1];
char *schemep = NULL;
size_t schemelen = 0;
size_t urllen;
@@ -1217,6 +1217,9 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
switch(what) {
case CURLUPART_SCHEME:
+ if(strlen(part) > MAX_SCHEME_LEN)
+ /* too long */
+ return CURLUE_MALFORMED_INPUT;
if(!(flags & CURLU_NON_SUPPORT_SCHEME) &&
/* verify that it is a fine scheme */
!Curl_builtin_scheme(part))
@@ -1279,7 +1282,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
char *redired_url;
CURLU *handle2;
- if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN)) {
+ if(Curl_is_absolute_url(part, NULL, MAX_SCHEME_LEN + 1)) {
handle2 = curl_url();
if(!handle2)
return CURLUE_OUT_OF_MEMORY;