From 72b72fe8edc7e4fadc1d2f5ff106b60aeb88d512 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 23 Apr 2012 20:23:53 +0200 Subject: URL parse: reject numerical IPv6 addresses outside brackets Roman Mamedov spotted (in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would not complain when given a URL with an IPv6 numerical address without brackets. It would simply cut off the last ":[hex]" part and thus not work correctly. That's a URL using an illegal syntax and now libcurl will instead return a clear error code and error message detailing the error. The above mentioned bug report claims this to be a regression but libcurl does not guarantee functionality when given URLs that aren't following the URL spec (RFC3986 mostly). I consider the fact that it used to handle this differently a mere coincidence. --- lib/url.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/url.c b/lib/url.c index d0c64281e..b78c200fa 100644 --- a/lib/url.c +++ b/lib/url.c @@ -105,6 +105,7 @@ int curl_win32_idn_to_ascii(const char *in, char **out); #include "rawstr.h" #include "warnless.h" #include "non-ascii.h" +#include "inet_pton.h" /* And now for the protocols */ #include "ftp.h" @@ -4495,8 +4496,19 @@ static CURLcode parse_remote_port(struct SessionHandle *data, portptr = NULL; /* no port number available */ } } - else + else { +#ifdef ENABLE_IPV6 + struct in6_addr in6; + if(Curl_inet_pton(AF_INET6, conn->host.name, &in6) > 0) { + /* This is a numerical IPv6 address, meaning this is a wrongly formatted + URL */ + failf(data, "IPv6 numerical address used in URL without brackets"); + return CURLE_URL_MALFORMAT; + } +#endif + portptr = strrchr(conn->host.name, ':'); + } if(data->set.use_port && data->state.allow_port) { /* if set, we use this and ignore the port possibly given in the URL */ -- cgit v1.2.3