-rw-r--r-- | lib/url.c | 30 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test1141 | 67 | ||||
-rw-r--r-- | tests/data/test1142 | 62 | ||||
-rw-r--r-- | tests/data/test1143 | 45 |
5 files changed, 200 insertions, 6 deletions
@@ -4141,12 +4141,17 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data, } else { /* clear path */ + char slashbuf[4]; path[0]=0; - if(2 > sscanf(data->change.url, - "%15[^\n:]://%[^\n/?]%[^\n]", - protobuf, - conn->host.name, path)) { + rc = sscanf(data->change.url, + "%15[^\n:]:%3[/]%[^\n/?]%[^\n]", + protobuf, slashbuf, conn->host.name, path); + if(2 == rc) { + failf(data, "Bad URL"); + return CURLE_URL_MALFORMAT; + } + if(3 > rc) { /* * The URL was badly formatted, let's try the browser-style _without_ @@ -4197,8 +4202,23 @@ static CURLcode parseurlandfillconn(struct SessionHandle *data, *prot_missing = TRUE; /* not given in URL */ } - else + else { + size_t s = strlen(slashbuf); protop = protobuf; + if(s != 2) { + infof(data, "Unwillingly accepted illegal URL using %d slash%s!\n", + s, s>1?"es":""); + + if(data->change.url_alloc) + free(data->change.url); + /* repair the URL to use two slashes */ + data->change.url = aprintf("%s://%s%s", + protobuf, conn->host.name, path); + if(!data->change.url) + return CURLE_OUT_OF_MEMORY; + data->change.url_alloc = TRUE; + } + } } /* We search for '?' in the host name (but only on the right side of a diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index e3b5a880f..aa82227a6 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -119,7 +119,7 @@ test1104 test1105 test1106 test1107 test1108 test1109 test1110 test1111 \ test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 \ test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 \ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ -test1136 test1137 test1138 test1139 test1140 \ +test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ 
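Review bot: The `if(2 == rc)` test in the first lib/url.c hunk has no comment saying which inputs yield exactly two conversions, and the "Bad URL" text gives the user nothing to act on. From the format string, rc is 2 when a scheme and one to three slashes were read but `%[^\n/?]` matched no host name, which is what a fourth slash causes and what test1142 expects as error 3. I would put `/* scheme and slashes were read but no host name follows, e.g. four or more slashes */` above the test. The host and path conversions still carry no field width while `slashbuf` gets `%3`; the sizes of `conn->host.name` and `path` are not visible here, so a comment should point to the allocation that bounds them. parseurlandfillconn starts and ends outside the hunk.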
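Review bot: In the second lib/url.c hunk `s` is a `size_t` but the `infof` format prints it with `%d`, a variadic type mismatch that is undefined behaviour wherever `size_t` is wider than `int`. `slashbuf` holds at most three characters, so a cast is enough: `infof(data, "Unwillingly accepted illegal URL using %d slash%s!\n", (int)s, s>1?"es":"");`. Separately, this branch rewrites one- and three-slash URLs to the two-slash form, and test1141 shows it is reached for `Location:` targets too, so a caller that validates URLs with a stricter parser before handing them to libcurl may disagree about the host. The only trace is an `infof` line, so the leniency should be stated in the URL documentation. The enclosing function starts and ends outside the hunk.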
diff --git a/tests/data/test1141 b/tests/data/test1141
new file mode 100644
index 000000000..31c505f66
--- /dev/null
+++ b/tests/data/test1141
@@ -0,0 +1,67 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 This is a weirdo text message
+Connection: close
+Location: http:///foo.example.com/want/11410001
+
+This server reply is for testing
+</data>
+<data1>
+HTTP/1.1 200 hello
+Connection: close
+Content-Length: 4
+
+hej
+</data1>
+<datacheck>
+HTTP/1.1 302 This is a weirdo text message
+Connection: close
+Location: http:///foo.example.com/want/11410001
+
+HTTP/1.1 200 hello
+Connection: close
+Content-Length: 4
+
+hej
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP redirect to http:/// (three slashes!)
+ </name>
+ <command>
+%HOSTIP:%HTTPPORT/want/1141 -L -x http://%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://%HOSTIP:%HTTPPORT/want/1141 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+GET http://foo.example.com/want/11410001 HTTP/1.1
+Host: foo.example.com
+Accept: */*
+
+</protocol>
+</verify>
+</testcase>
diff --git a/tests/data/test1142 b/tests/data/test1142
new file mode 100644
index 000000000..ebb0891b6
--- /dev/null
+++ b/tests/data/test1142
@@ -0,0 +1,62 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 302 This is a weirdo text message
+Connection: close
+Location: http:////foo.example.com/want/11420001
+
+This server reply is for testing
+</data>
+<data1>
+HTTP/1.1 200 hello
+Connection: close
+Content-Length: 4
+
+hej
+</data1>
+<datacheck>
+HTTP/1.1 302 This is a weirdo text message
+Connection: close
+Location: http:////foo.example.com/want/11420001
+
+</datacheck>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP redirect to http://// (four slashes!)
+ </name>
+ <command>
+%HOSTIP:%HTTPPORT/want/1142 -L -x http://%HOSTIP:%HTTPPORT
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET http://%HOSTIP:%HTTPPORT/want/1142 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+# 3, CURLE_URL_MALFORMAT for the four slashes
+<errorcode>
+3
+</errorcode>
+</verify>
+</testcase>
diff --git a/tests/data/test1143 b/tests/data/test1143
new file mode 100644
index 000000000..4f2f4435a
--- /dev/null
+++ b/tests/data/test1143
@@ -0,0 +1,45 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP GET
+followlocation
+</keywords>
+</info>
+# Server-side
+<reply>
+<data>
+HTTP/1.1 200 hello
+Connection: close
+Content-Length: 4
+
+hej
+</data>
+</reply>
+
+# Client-side
+<client>
+<server>
+http
+</server>
+ <name>
+HTTP URL with http:/ (one slash!)
+ </name>
+ <command>
+http:/%HOSTIP:%HTTPPORT/want/1143
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /want/1143 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol>
+</verify>
+</testcase> |