aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/url.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/url.c b/lib/url.c
index d572f0195..dccd7109e 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4640,10 +4640,24 @@ static CURLcode parse_proxy(struct SessionHandle *data,
/* Get port number off proxy.server.com:1080 */
prox_portno = strchr(portptr, ':');
if(prox_portno) {
+ char *endp = NULL;
+ long port = 0;
*prox_portno = 0x0; /* cut off number from host name */
prox_portno ++;
/* now set the local port number */
- conn->port = strtol(prox_portno, NULL, 10);
+ port = strtol(prox_portno, &endp, 10);
+ if((endp && *endp && (*endp != '/') && (*endp != ' ')) ||
+ (port >= 65536) ) {
+ /* meant to detect for example invalid IPv6 numerical addresses without
+ brackets: "2a00:fac0:a000::7:13". Accept a trailing slash only
+ because we then allow "URL style" with the number followed by a
+ slash, used in curl test cases already. Space is also an acceptable
+ terminating symbol. */
+ infof(data, "No valid port number in proxy string (%s)\n",
+ prox_portno);
+ }
+ else
+ conn->port = port;
}
else {
if(proxyptr[0]=='/')