From aadb7c7b62251c4e760930d543105f2b10cbd9b2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 6 Mar 2017 16:08:21 +0100 Subject: URL: return error on malformed URLs with junk after port number ... because it causes confusion with users. Example URLs: "http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will parse and claim uses port number 80, while libcurl would use port number 11211. "http://user@example.com:80@localhost" which by the WHATWG URL spec will be treated to contain user name 'user@example.com' but according to RFC3986 is user name 'user' for the host 'example.com' and then port 80 is followed by "@localhost" Both these formats are now rejected, and verified so in test 1260. Reported-by: Orange Tsai --- lib/url.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/url.c b/lib/url.c index 2072a61bd..300fc4d14 100644 --- a/lib/url.c +++ b/lib/url.c @@ -5643,7 +5643,7 @@ static CURLcode parse_remote_port(struct Curl_easy *data, } #endif - portptr = strrchr(conn->host.name, ':'); + portptr = strchr(conn->host.name, ':'); } if(data->set.use_port && data->state.allow_port) { @@ -5698,15 +5698,16 @@ static CURLcode parse_remote_port(struct Curl_easy *data, return CURLE_URL_MALFORMAT; } - else if(rest != &portptr[1]) { + if(rest[0]) { + failf(data, "Port number ended with '%c'", rest[0]); + return CURLE_URL_MALFORMAT; + } + + if(rest != &portptr[1]) { *portptr = '\0'; /* cut off the name there */ conn->remote_port = curlx_ultous(port); } else { - if(rest[0]) { - failf(data, "Illegal port number"); - return CURLE_URL_MALFORMAT; - } /* Browser behavior adaptation. If there's a colon with no digits after, just cut off the name there which makes us ignore the colon and just use the default port. Firefox and Chrome both do that. */ -- cgit v1.2.3